LucDuran
Posts posted by LucDuran
-
Hi,
I ran both virus definition update and app update. Everything went through fine.
MSE does indicate that I have 30 days to authenticate as this is still an issue for the moment.
Luc
-
Hi,
Here is the ComboFix log.
Luc
====================================
ComboFix 13-01-06.01 - Luc Duranleau 2013-01-08 7:02.4.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.987 [GMT -5:00]
Lancé depuis: c:\users\Luc Duranleau\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Luc Duranleau\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\dir0000.chk\00010029.ci
c:\found.000\dir0000.chk\00010029.dir
c:\found.000\dir0000.chk\00010029.wid
c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners
c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners\app.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-12-08 au 2013-01-08 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-08 12:15 . 2013-01-08 12:18 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\temp
2013-01-08 12:15 . 2013-01-08 12:15 -------- d-----w- c:\users\Invité\AppData\Local\temp
2013-01-08 12:15 . 2013-01-08 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-07 19:49 . 2013-01-07 19:49 -------- d-----w- c:\programdata\Apple Computer
2013-01-07 18:59 . 2013-01-07 18:59 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Secunia PSI
2013-01-07 18:58 . 2013-01-07 18:58 -------- d-----w- c:\program files\Secunia
2013-01-07 18:44 . 2013-01-07 18:44 -------- d-----w- c:\program files\FileHippo.com
2013-01-05 19:21 . 2013-01-06 18:11 -------- d-----w- C:\MGADiagToolOutput
2013-01-05 19:11 . 2013-01-05 19:11 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-01-05 16:42 . 2013-01-05 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 16:42 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 14:21 . 2013-01-05 14:21 -------- d-----w- c:\programdata\RegSERVO
2013-01-04 20:32 . 2013-01-07 18:21 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\LogMeIn Rescue Applet
2013-01-04 19:05 . 2013-01-04 19:05 4729224 ----a-w- c:\windows\uninst.exe
2013-01-04 19:05 . 2013-01-04 19:17 -------- d-----w- c:\programdata\PC1Data
2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PCPro
2013-01-04 16:37 . 2013-01-04 16:37 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Macromedia
2013-01-04 16:36 . 2013-01-04 16:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 16:25 . 2012-11-28 15:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-03 22:58 . 2013-01-03 22:58 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-03 21:13 . 2013-01-03 21:13 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-03 21:13 . 2013-01-03 21:13 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-12-25 07:53 . 2012-12-25 07:53 -------- d-----w- c:\users\Luc Duranleau\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 12:17 . 2010-08-25 23:14 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-01-08 03:23 . 2008-10-03 13:26 58288 ------w- c:\windows\system32\rpcnet.exe
2013-01-07 19:47 . 2011-09-11 20:32 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-03 23:00 . 2010-08-29 03:54 279552 ----a-w- c:\windows\system32\services.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-03 21:13 . 2012-04-12 20:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reminder"="c:\program files\TOSHIBA\reminder\reminder.exe" [2007-05-16 407672]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-13 113664]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2013-01-07 c:\windows\Tasks\User_Feed_Synchronization-{74AEAE6A-923F-4414-A6C1-ABCC0714A59C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-29 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.iciwave.com/
uInternet Settings,ProxyServer = fpro.rtss.qc.ca:8080
uInternet Settings,ProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: desjardins.com\accesd.affaires
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-toscdspd - TOSCDSPD.EXE
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-08 07:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft Office\Office12\GrooveAuditService.exe
c:\windows\System32\msdtc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Microsoft Security Client\NisSrv.exe
c:\program files\Nitro PDF\Converter\NitroPDFDriverService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\locator.exe
c:\windows\system32\rpcnet.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\vds.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\iashost.exe
c:\program files\Secunia\PSI\sua.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SLUI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2013-01-08 07:28:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-01-08 12:27
ComboFix2.txt 2013-01-08 00:46
.
Avant-CF: 33 834 127 360 octets libres
Après-CF: 33 828 306 944 octets libres
.
- - End Of File - - 4DE651249A4AF833F34DB3A83880936A
-
Hi,
I just wanted to be sure as other posts I have read mentioned this when trying to run ComboFix a second time.
As for the claim, I am sorry if it is interpreted this way. It was not my intention. I simply checked the time the authentication problem occurred and the reboot I did after the Malware disinfection. The issue is obviously more complex than that as I can well see. Please do not
As for ComboFix. I did run it after the problem began to manifest itself. It ran and asked to reboot. On reboot, it started up again with a message saying it was preparing a report. It hung there and I had to close the window after a long wait. I then uninstalled it. This probably deleted the log files in the folder. My mistake.
Will run your script now.
Luc
-
Hi,
Here are the TDSSKiller, ESET and RogueKiller logs at the time things screwed up with authentication.
Luc
=================================================================
17:57:47.0936 4804 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:57:48.0290 4804 ============================================================
17:57:48.0290 4804 Current date / time: 2013/01/03 17:57:48.0290
17:57:48.0290 4804 SystemInfo:
17:57:48.0290 4804
17:57:48.0290 4804 OS Version: 6.0.6002 ServicePack: 2.0
17:57:48.0290 4804 Product type: Workstation
17:57:48.0290 4804 ComputerName: LEONIDAS
17:57:48.0290 4804 UserName: Luc Duranleau
17:57:48.0290 4804 Windows directory: C:\Windows
17:57:48.0290 4804 System windows directory: C:\Windows
17:57:48.0290 4804 Processor architecture: Intel x86
17:57:48.0290 4804 Number of processors: 2
17:57:48.0290 4804 Page size: 0x1000
17:57:48.0290 4804 Boot type: Normal boot
17:57:48.0290 4804 ============================================================
17:57:49.0530 4804 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:57:49.0530 4804 ============================================================
17:57:49.0530 4804 \Device\Harddisk0\DR0:
17:57:49.0530 4804 MBR partitions:
17:57:49.0530 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1B865800
17:57:49.0530 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C717800, BlocksNum 0xAAE000
17:57:49.0530 4804 ============================================================
17:57:49.0580 4804 C: <-> \Device\Harddisk0\DR0\Partition1
17:57:49.0630 4804 D: <-> \Device\Harddisk0\DR0\Partition2
17:57:49.0630 4804 ============================================================
17:57:49.0630 4804 Initialize success
17:57:49.0630 4804 ============================================================
17:57:53.0031 1652 ============================================================
17:57:53.0031 1652 Scan started
17:57:53.0031 1652 Mode: Manual;
17:57:53.0031 1652 ============================================================
17:57:54.0121 1652 ================ Scan system memory ========================
17:57:54.0121 1652 System memory - ok
17:57:54.0121 1652 ================ Scan services =============================
17:58:04.0272 1652 lvpopflt - ok
17:58:04.0282 1652 LVPr2Mon - ok
17:58:04.0302 1652 LVPrcSrv - ok
17:58:04.0342 1652 [ F7D667093387A389D2D90CCE7178B3A5 ] lvselsus C:\Windows\system32\DRIVERS\lvselsus.sys
17:58:04.0342 1652 lvselsus - ok
17:58:04.0392 1652 [ CCFF53B1FCDFA9EDE919E3BDBD10D0FD ] LVUSBSta C:\Windows\system32\drivers\lvusbsta.sys
17:58:04.0392 1652 LVUSBSta - ok
17:58:04.0482 1652 [ 9C1123052624356CD7C05D5C5767BF57 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
17:58:04.0532 1652 LVUVC - ok
17:58:04.0632 1652 [ 677FB31C7F6140FD97C91FF3929B702A ] MaxBackServiceInt C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
17:58:04.0662 1652 MaxBackServiceInt - ok
17:58:04.0722 1652 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:58:04.0732 1652 Mcx2Svc - ok
17:58:04.0902 1652 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:58:04.0902 1652 MDM - ok
17:58:04.0952 1652 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
17:58:04.0952 1652 megasas - ok
17:58:05.0102 1652 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:58:05.0102 1652 Microsoft Office Groove Audit Service - ok
17:58:05.0162 1652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
17:58:05.0162 1652 MMCSS - ok
17:58:05.0202 1652 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
17:58:05.0202 1652 Modem - ok
17:58:05.0252 1652 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:58:05.0252 1652 monitor - ok
17:58:05.0262 1652 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:58:05.0272 1652 mouclass - ok
17:58:05.0282 1652 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:58:05.0282 1652 mouhid - ok
17:58:05.0302 1652 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\DRIVERS\MOUNTMGR.SYS
17:58:05.0312 1652 MountMgr - ok
17:58:05.0362 1652 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:58:05.0362 1652 MozillaMaintenance - ok
17:58:05.0402 1652 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:58:05.0412 1652 MpFilter - ok
17:58:05.0452 1652 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
17:58:05.0452 1652 mpio - ok
17:58:05.0492 1652 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:58:05.0492 1652 mpsdrv - ok
17:58:05.0532 1652 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:58:05.0532 1652 Mraid35x - ok
17:58:05.0602 1652 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:58:05.0602 1652 MRxDAV - ok
17:58:05.0662 1652 [ 454341E652BDF5E01B0F2140232B073E ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:05.0662 1652 mrxsmb - ok
17:58:05.0692 1652 [ 2A4901AFF069944FA945ED5BBF4DCDE3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:05.0702 1652 mrxsmb10 - ok
17:58:05.0722 1652 [ 28B3F1AB44BDD4432C041581412F17D9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:05.0722 1652 mrxsmb20 - ok
17:58:05.0742 1652 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
17:58:05.0742 1652 msahci - ok
17:58:05.0772 1652 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:58:05.0782 1652 msdsm - ok
17:58:05.0822 1652 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
17:58:05.0832 1652 MSDTC - ok
17:58:05.0882 1652 [ 343291A4DFD7C923C3F71F550830EC1C ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
17:58:05.0882 1652 MSDV - ok
17:58:05.0922 1652 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:58:05.0922 1652 Msfs - ok
17:58:05.0942 1652 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:58:05.0952 1652 msisadrv - ok
17:58:06.0002 1652 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:58:06.0002 1652 MSiSCSI - ok
17:58:06.0012 1652 msiserver - ok
17:58:06.0092 1652 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:58:06.0092 1652 MSKSSRV - ok
17:58:06.0152 1652 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:58:06.0152 1652 MsMpSvc - ok
17:58:06.0182 1652 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:06.0182 1652 MSPCLOCK - ok
17:58:06.0222 1652 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:58:06.0232 1652 MSPQM - ok
17:58:06.0322 1652 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:58:06.0322 1652 MsRPC - ok
17:58:06.0342 1652 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:58:06.0342 1652 mssmbios - ok
17:58:06.0362 1652 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:58:06.0362 1652 MSTEE - ok
17:58:06.0392 1652 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
17:58:06.0392 1652 Mup - ok
17:58:06.0432 1652 [ C29F284FF7AB4ED38CE419A9424E52A2 ] MXOPSWD C:\Windows\system32\DRIVERS\mxopswd.sys
17:58:06.0432 1652 MXOPSWD - ok
17:58:06.0492 1652 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
17:58:06.0512 1652 napagent - ok
17:58:06.0592 1652 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:58:06.0602 1652 NativeWifiP - ok
17:58:06.0692 1652 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:58:06.0722 1652 NDIS - ok
17:58:06.0772 1652 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:06.0772 1652 NdisTapi - ok
17:58:06.0822 1652 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:06.0832 1652 Ndisuio - ok
17:58:06.0852 1652 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:06.0852 1652 NdisWan - ok
17:58:06.0892 1652 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:58:06.0892 1652 NDProxy - ok
17:58:06.0912 1652 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:58:06.0912 1652 NetBIOS - ok
17:58:06.0982 1652 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:58:06.0982 1652 netbt - ok
17:58:07.0023 1652 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe
17:58:07.0023 1652 Netlogon - ok
17:58:07.0070 1652 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
17:58:07.0070 1652 Netman - ok
17:58:07.0132 1652 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
17:58:07.0132 1652 netprofm - ok
17:58:07.0189 1652 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:58:07.0189 1652 NetTcpPortSharing - ok
17:58:07.0329 1652 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
17:58:07.0429 1652 NETw4v32 - ok
17:58:07.0479 1652 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:58:07.0479 1652 nfrd960 - ok
17:58:07.0549 1652 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:58:07.0549 1652 NisDrv - ok
17:58:07.0609 1652 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:58:07.0619 1652 NisSrv - ok
17:58:07.0719 1652 [ D78F02AFC7C3422D6EA1EA823D4957C7 ] NitroDriverReadSpool C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe
17:58:07.0719 1652 NitroDriverReadSpool - ok
17:58:07.0789 1652 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:58:07.0789 1652 NlaSvc - ok
17:58:07.0849 1652 [ 00602D89A2564414E6F81DB0F2E24685 ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE
17:58:07.0849 1652 nlsX86cc - ok
17:58:07.0909 1652 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:58:07.0919 1652 Npfs - ok
17:58:07.0969 1652 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
17:58:07.0969 1652 nsi - ok
17:58:08.0009 1652 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:58:08.0009 1652 nsiproxy - ok
17:58:08.0149 1652 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:58:08.0219 1652 Ntfs - ok
17:58:08.0279 1652 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
17:58:08.0279 1652 ntrigdigi - ok
17:58:08.0349 1652 [ C2C0FF5F58DC258B77A799E0F8B5925C ] NTService1 C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
17:58:08.0359 1652 NTService1 - ok
17:58:08.0379 1652 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
17:58:08.0379 1652 Null - ok
17:58:08.0419 1652 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:58:08.0439 1652 nvraid - ok
17:58:08.0469 1652 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:58:08.0469 1652 nvstor - ok
17:58:08.0519 1652 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:58:08.0519 1652 nv_agp - ok
17:58:08.0529 1652 NwlnkFlt - ok
17:58:08.0539 1652 NwlnkFwd - ok
17:58:08.0639 1652 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:58:08.0649 1652 odserv - ok
17:58:08.0719 1652 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:58:08.0719 1652 ohci1394 - ok
17:58:08.0789 1652 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:58:08.0789 1652 ose - ok
17:58:08.0879 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:58:08.0889 1652 p2pimsvc - ok
17:58:08.0939 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
17:58:08.0949 1652 p2psvc - ok
17:58:08.0999 1652 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
17:58:08.0999 1652 Parport - ok
17:58:09.0059 1652 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:58:09.0059 1652 partmgr - ok
17:58:09.0089 1652 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:58:09.0089 1652 Parvdm - ok
17:58:09.0149 1652 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
17:58:09.0149 1652 PcaSvc - ok
17:58:09.0219 1652 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
17:58:09.0219 1652 pci - ok
17:58:09.0280 1652 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
17:58:09.0280 1652 pciide - ok
17:58:09.0363 1652 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:58:09.0363 1652 pcmcia - ok
17:58:09.0433 1652 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:58:09.0473 1652 PEAUTH - ok
17:58:09.0593 1652 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
17:58:09.0663 1652 pla - ok
17:58:09.0733 1652 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:58:09.0743 1652 PlugPlay - ok
17:58:09.0813 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:58:09.0823 1652 PNRPAutoReg - ok
17:58:09.0863 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:58:09.0873 1652 PNRPsvc - ok
17:58:09.0913 1652 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:58:09.0923 1652 PolicyAgent - ok
17:58:09.0943 1652 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:58:09.0943 1652 PptpMiniport - ok
17:58:09.0993 1652 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
17:58:09.0993 1652 Processor - ok
17:58:10.0093 1652 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
17:58:10.0103 1652 ProfSvc - ok
17:58:10.0113 1652 [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
17:58:10.0123 1652 ProtectedStorage - ok
17:58:10.0193 1652 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:58:10.0193 1652 PSched - ok
17:58:10.0203 1652 qekfvmer - ok
17:58:10.0283 1652 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:58:10.0463 1652 ql2300 - ok
17:58:10.0493 1652 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:58:10.0503 1652 ql40xx - ok
17:58:10.0553 1652 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
17:58:10.0563 1652 QWAVE - ok
17:58:10.0593 1652 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:58:10.0603 1652 QWAVEdrv - ok
17:58:10.0643 1652 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:58:10.0643 1652 RasAcd - ok
17:58:10.0703 1652 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
17:58:10.0703 1652 RasAuto - ok
17:58:10.0763 1652 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:58:10.0763 1652 Rasl2tp - ok
17:58:10.0833 1652 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
17:58:10.0843 1652 RasMan - ok
17:58:10.0903 1652 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:58:10.0903 1652 RasPppoe - ok
17:58:10.0973 1652 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:58:10.0983 1652 RasSstp - ok
17:58:11.0053 1652 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:58:11.0063 1652 rdbss - ok
17:58:11.0083 1652 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:58:11.0083 1652 RDPCDD - ok
17:58:11.0143 1652 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:58:11.0143 1652 rdpdr - ok
17:58:11.0153 1652 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:58:11.0153 1652 RDPENCDD - ok
17:58:11.0213 1652 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:58:11.0223 1652 RDPWD - ok
17:58:11.0273 1652 [ 83A5D92ACE4465C667D1D55FCDAB2658 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
17:58:11.0283 1652 RegSrvc - ok
17:58:11.0313 1652 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:58:11.0313 1652 RemoteAccess - ok
17:58:11.0373 1652 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:58:11.0383 1652 RemoteRegistry - ok
17:58:11.0413 1652 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
17:58:11.0413 1652 RpcLocator - ok
17:58:11.0485 1652 [ 449BF2E12822299C0B153B61C5B8D58E ] rpcnet C:\Windows\system32\rpcnet.exe
17:58:11.0485 1652 rpcnet - ok
17:58:11.0532 1652 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
17:58:11.0548 1652 RpcSs - ok
17:58:11.0579 1652 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:58:11.0579 1652 rspndr - ok
17:58:11.0604 1652 [ B8B159FA669C6386A458FCD468EBB1E6 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
17:58:11.0614 1652 RTL8169 - ok
17:58:11.0634 1652 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
17:58:11.0634 1652 SamSs - ok
17:58:11.0674 1652 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:58:11.0674 1652 SASDIFSV - ok
17:58:11.0694 1652 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:58:11.0704 1652 SASKUTIL - ok
17:58:11.0744 1652 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:58:11.0744 1652 sbp2port - ok
17:58:11.0924 1652 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:58:11.0934 1652 SCardSvr - ok
17:58:12.0014 1652 [ 323AE0BDFD2EB15B668DDA50CC597329 ] Schedule C:\Windows\system32\schedsvc.dll
17:58:12.0024 1652 Schedule - ok
17:58:12.0044 1652 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:58:12.0054 1652 SCPolicySvc - ok
17:58:12.0104 1652 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:58:12.0114 1652 sdbus - ok
17:58:12.0144 1652 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:58:12.0154 1652 SDRSVC - ok
17:58:12.0174 1652 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:58:12.0174 1652 secdrv - ok
17:58:12.0214 1652 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
17:58:12.0214 1652 seclogon - ok
17:58:12.0234 1652 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
17:58:12.0244 1652 SENS - ok
17:58:12.0274 1652 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:58:12.0284 1652 Serenum - ok
17:58:12.0314 1652 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
17:58:12.0314 1652 Serial - ok
17:58:12.0374 1652 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:58:12.0374 1652 sermouse - ok
17:58:12.0454 1652 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
17:58:12.0454 1652 SessionEnv - ok
17:58:12.0494 1652 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:58:12.0494 1652 sffdisk - ok
17:58:12.0534 1652 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:58:12.0544 1652 sffp_mmc - ok
17:58:12.0594 1652 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:58:12.0594 1652 sffp_sd - ok
17:58:12.0614 1652 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:58:12.0634 1652 sfloppy - ok
17:58:12.0714 1652 [ C818C44C201898399BF999BB6B35D4E3 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:58:12.0724 1652 ShellHWDetection - ok
17:58:12.0764 1652 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:58:12.0764 1652 sisagp - ok
17:58:12.0804 1652 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:58:12.0804 1652 SiSRaid2 - ok
17:58:12.0834 1652 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:58:12.0844 1652 SiSRaid4 - ok
17:58:13.0064 1652 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
17:58:13.0204 1652 slsvc - ok
17:58:13.0294 1652 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:58:13.0294 1652 SLUINotify - ok
17:58:13.0354 1652 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:58:13.0354 1652 Smb - ok
17:58:13.0404 1652 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:58:13.0404 1652 SNMPTRAP - ok
17:58:13.0464 1652 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
17:58:13.0464 1652 spldr - ok
17:58:13.0494 1652 [ 524BFBEA40E6E404737CCBC754647A2E ] Spooler C:\Windows\System32\spoolsv.exe
17:58:13.0504 1652 Spooler - ok
17:58:13.0554 1652 [ FF3CBC13DB84D81F56931BC922CC37C4 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:58:13.0564 1652 srv - ok
17:58:13.0604 1652 [ D15959D9F69F0D39A0153E9C244F20DD ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:58:13.0614 1652 srv2 - ok
17:58:13.0644 1652 [ FAA0D553A49E85008C6BB3781987C574 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:58:13.0644 1652 srvnet - ok
17:58:13.0686 1652 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:58:13.0686 1652 SSDPSRV - ok
17:58:13.0764 1652 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:58:13.0764 1652 SstpSvc - ok
17:58:13.0844 1652 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
17:58:13.0854 1652 stisvc - ok
17:58:13.0874 1652 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:58:13.0874 1652 swenum - ok
17:58:13.0954 1652 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
17:58:13.0964 1652 swprv - ok
17:58:14.0014 1652 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:58:14.0014 1652 Symc8xx - ok
17:58:14.0044 1652 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:58:14.0044 1652 Sym_hi - ok
17:58:14.0074 1652 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:58:14.0074 1652 Sym_u3 - ok
17:58:14.0134 1652 [ 964524A9EDCCE945E82419ABE9DB94EE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:58:14.0134 1652 SynTP - ok
17:58:14.0224 1652 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
17:58:14.0234 1652 SysMain - ok
17:58:14.0264 1652 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:58:14.0264 1652 TabletInputService - ok
17:58:14.0334 1652 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:58:14.0344 1652 TapiSrv - ok
17:58:14.0374 1652 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
17:58:14.0384 1652 TBS - ok
17:58:14.0454 1652 [ 6A10AFCE0B38371064BE41C1FBFD3C6B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:58:14.0534 1652 Tcpip - ok
17:58:14.0624 1652 [ 6A10AFCE0B38371064BE41C1FBFD3C6B ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:58:14.0634 1652 Tcpip6 - ok
17:58:14.0684 1652 [ 9BF343F4C878D6AD6922B2C5A4FEFE0D ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:58:14.0684 1652 tcpipreg - ok
17:58:14.0724 1652 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:58:14.0724 1652 tdcmdpst - ok
17:58:14.0774 1652 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:58:14.0774 1652 TDPIPE - ok
17:58:14.0804 1652 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:58:14.0804 1652 TDTCP - ok
17:58:14.0874 1652 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:58:14.0874 1652 tdx - ok
17:58:14.0904 1652 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:58:14.0904 1652 TermDD - ok
17:58:14.0974 1652 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
17:58:14.0984 1652 TermService - ok
17:58:15.0024 1652 [ C818C44C201898399BF999BB6B35D4E3 ] Themes C:\Windows\system32\shsvcs.dll
17:58:15.0034 1652 Themes - ok
17:58:15.0074 1652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
17:58:15.0074 1652 THREADORDER - ok
17:58:15.0124 1652 [ E4C85C291DDB3DC5E4A2F227CA465BA6 ] tifm21 C:\Windows\system32\drivers\tifm21.sys
17:58:15.0134 1652 tifm21 - ok
17:58:15.0254 1652 [ 1F9A37B633C11EBE5D68137645FA1337 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
17:58:15.0254 1652 TNaviSrv - ok
17:58:15.0314 1652 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\Windows\system32\TODDSrv.exe
17:58:15.0314 1652 TODDSrv - ok
17:58:15.0384 1652 [ 6A54C28B53C6B50D333C8EE974C6B208 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:58:15.0394 1652 TosCoSrv - ok
17:58:15.0434 1652 [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:58:15.0434 1652 TOSHIBA Bluetooth Service - ok
17:58:15.0444 1652 Tosrfcom - ok
17:58:15.0464 1652 [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
17:58:15.0464 1652 tosrfec - ok
17:58:15.0494 1652 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
17:58:15.0494 1652 tos_sps32 - ok
17:58:15.0504 1652 TpChoice - ok
17:58:15.0584 1652 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
17:58:15.0584 1652 TrkWks - ok
17:58:15.0674 1652 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:58:15.0674 1652 TrustedInstaller - ok
17:58:15.0744 1652 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:58:15.0744 1652 tssecsrv - ok
17:58:15.0784 1652 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:58:15.0784 1652 tunmp - ok
17:58:15.0804 1652 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:58:15.0814 1652 tunnel - ok
17:58:15.0865 1652 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:58:15.0865 1652 TVALZ - ok
17:58:15.0896 1652 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:58:15.0912 1652 uagp35 - ok
17:58:15.0957 1652 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:58:15.0967 1652 udfs - ok
17:58:16.0027 1652 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:58:16.0027 1652 UI0Detect - ok
17:58:16.0107 1652 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
17:58:16.0107 1652 UleadBurningHelper - ok
17:58:16.0157 1652 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:58:16.0157 1652 uliagpkx - ok
17:58:16.0197 1652 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:58:16.0207 1652 uliahci - ok
17:58:16.0237 1652 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:58:16.0247 1652 UlSata - ok
17:58:16.0277 1652 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:58:16.0287 1652 ulsata2 - ok
17:58:16.0317 1652 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:58:16.0317 1652 umbus - ok
17:58:16.0347 1652 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
17:58:16.0357 1652 upnphost - ok
17:58:16.0427 1652 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:58:16.0427 1652 usbaudio - ok
17:58:16.0477 1652 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:58:16.0477 1652 usbccgp - ok
17:58:16.0517 1652 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:58:16.0517 1652 usbcir - ok
17:58:16.0547 1652 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:58:16.0547 1652 usbehci - ok
17:58:16.0577 1652 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:58:16.0587 1652 usbhub - ok
17:58:16.0627 1652 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:58:16.0627 1652 usbohci - ok
17:58:16.0647 1652 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:58:16.0647 1652 usbprint - ok
17:58:16.0657 1652 Usbrfcddworb - ok
17:58:16.0687 1652 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:58:16.0687 1652 USBSTOR - ok
17:58:16.0737 1652 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:58:16.0737 1652 usbuhci - ok
17:58:16.0807 1652 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:58:16.0817 1652 usbvideo - ok
17:58:16.0857 1652 [ 3B929A72AAEA96DC0150D3A6DA268C89 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
17:58:16.0857 1652 UVCFTR - ok
17:58:16.0927 1652 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
17:58:16.0927 1652 UxSms - ok
17:58:16.0997 1652 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
17:58:17.0007 1652 vds - ok
17:58:17.0057 1652 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:58:17.0057 1652 vga - ok
17:58:17.0127 1652 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
17:58:17.0127 1652 VgaSave - ok
17:58:17.0167 1652 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:58:17.0167 1652 viaagp - ok
17:58:17.0197 1652 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:58:17.0197 1652 ViaC7 - ok
17:58:17.0227 1652 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
17:58:17.0237 1652 viaide - ok
17:58:17.0277 1652 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:58:17.0277 1652 volmgr - ok
17:58:17.0377 1652 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:58:17.0387 1652 volmgrx - ok
17:58:17.0457 1652 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:58:17.0457 1652 volsnap - ok
17:58:17.0507 1652 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:58:17.0507 1652 vsmraid - ok
17:58:17.0617 1652 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
17:58:17.0687 1652 VSS - ok
17:58:17.0767 1652 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
17:58:17.0767 1652 W32Time - ok
17:58:17.0807 1652 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:58:17.0807 1652 WacomPen - ok
17:58:17.0847 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:58:17.0847 1652 Wanarp - ok
17:58:17.0857 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:58:17.0857 1652 Wanarpv6 - ok
17:58:17.0897 1652 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:58:17.0927 1652 wcncsvc - ok
17:58:17.0977 1652 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:58:17.0977 1652 WcsPlugInService - ok
17:58:18.0038 1652 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
17:58:18.0054 1652 Wd - ok
17:58:18.0148 1652 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:58:18.0179 1652 Wdf01000 - ok
17:58:18.0219 1652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:58:18.0219 1652 WdiServiceHost - ok
17:58:18.0229 1652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:58:18.0239 1652 WdiSystemHost - ok
17:58:18.0309 1652 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
17:58:18.0319 1652 WebClient - ok
17:58:18.0359 1652 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:58:18.0369 1652 Wecsvc - ok
17:58:18.0399 1652 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:58:18.0409 1652 wercplsupport - ok
17:58:18.0479 1652 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
17:58:18.0479 1652 WerSvc - ok
17:58:18.0569 1652 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:58:18.0579 1652 WinDefend - ok
17:58:18.0589 1652 WinHttpAutoProxySvc - ok
17:58:18.0729 1652 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:58:18.0729 1652 Winmgmt - ok
17:58:18.0799 1652 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
17:58:18.0849 1652 WinRM - ok
17:58:18.0939 1652 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:58:18.0949 1652 Wlansvc - ok
17:58:19.0119 1652 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:58:19.0139 1652 wlidsvc - ok
17:58:19.0179 1652 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:58:19.0179 1652 WmiAcpi - ok
17:58:19.0239 1652 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:58:19.0249 1652 wmiApSrv - ok
17:58:19.0339 1652 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:58:19.0359 1652 WMPNetworkSvc - ok
17:58:19.0429 1652 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:58:19.0439 1652 WPCSvc - ok
17:58:19.0449 1652 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:58:19.0459 1652 WPDBusEnum - ok
17:58:19.0499 1652 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:58:19.0499 1652 WpdUsb - ok
17:58:19.0569 1652 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:58:19.0579 1652 ws2ifsl - ok
17:58:19.0629 1652 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
17:58:19.0639 1652 wscsvc - ok
17:58:19.0639 1652 WSearch - ok
17:58:19.0769 1652 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:58:19.0849 1652 wuauserv - ok
17:58:19.0889 1652 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:58:19.0899 1652 WUDFRd - ok
17:58:19.0929 1652 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:58:19.0939 1652 wudfsvc - ok
17:58:19.0959 1652 ================ Scan global ===============================
17:58:20.0029 1652 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:58:20.0099 1652 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
17:58:20.0119 1652 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll
17:58:20.0179 1652 [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe
17:58:20.0189 1652 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
17:58:20.0189 1652 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
17:58:20.0189 1652 ================ Scan MBR ==================================
17:58:20.0219 1652 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:58:21.0012 1652 \Device\Harddisk0\DR0 - ok
17:58:21.0012 1652 ================ Scan VBR ==================================
17:58:21.0012 1652 [ 11BDF00FBCC8339B1709AF6089A9C9A1 ] \Device\Harddisk0\DR0\Partition1
17:58:21.0022 1652 \Device\Harddisk0\DR0\Partition1 - ok
17:58:21.0082 1652 [ E46E1BE5C2222A78FA6E9446F9B20CC4 ] \Device\Harddisk0\DR0\Partition2
17:58:21.0082 1652 \Device\Harddisk0\DR0\Partition2 - ok
17:58:21.0082 1652 ============================================================
17:58:21.0082 1652 Scan finished
17:58:21.0082 1652 ============================================================
17:58:21.0102 4768 Detected object count: 1
17:58:21.0102 4768 Actual detected object count: 1
17:58:40.0893 4768 C:\Windows\system32\services.exe - copied to quarantine
17:58:43.0494 4768 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
17:58:43.0824 4768 C:\Users\Luc Duranleau\AppData\Local\{ac18af58-bb7f-db54-bb76-9f0345e14f3c}\@ - copied to quarantine
17:58:58.0737 4768 Backup copy found, using it..
17:58:58.0897 4768 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
17:58:59.0137 4768 C:\Users\Luc Duranleau\AppData\Local\{ac18af58-bb7f-db54-bb76-9f0345e14f3c}\@ - will be deleted on reboot
17:58:59.0197 4768 C:\Windows\system32\services.exe - will be cured on reboot
17:58:59.0197 4768 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
17:59:36.0837 5296 Deinitialize success
========================================================================
C:\ProgramData\netdislw.js JS/Agent.NID trojan
C:\Users\All Users\netdislw.js JS/Agent.NID trojan
C:\Windows\System32\DBBK\6D5483DA06CB7B45F205C51D87EB6D1A Win32/Sirefef.FA trojan
C:\Windows\System32\DBBK\6E71F4274113197AD75262AF24FB1B09 Win32/Conedex.E trojan
C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan
C:\Windows\System32\DBBK\8737764F4FD36D6808EE80578409C843 Win32/Sirefef.FB.Gen trojan
C:\Windows\System32\DBBK\D30CEF5730C307FC524F11F228C6E8B8 a variant of Win32/Sirefef.FD trojan
C:\Windows\System32\DBBK\FE2EB24E6BD36B8BE3869ECE85AA72BC Win32/Conedex.D trojan
============================================================================
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com/
Operating system: Windows Vista (6.0.6002 Service Pack 2) 32-bit version
Startup: Normal mode
User: Luc Duranleau [Admin rights]
Mode: Scan -- Date: 04/01/2013 02:58:19
¤¤¤ Malicious processes: 0 ¤¤¤
¤¤¤ Registry entries: 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (fpro.rtss.qc.ca:8080) -> FOUND
¤¤¤ Particular files / folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ HOSTS file: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHX2250BT +++++
--- User ---
[MBR] 0c3f8c5caf4d0fcc079e4155977e3ab0
[BSP] 87042bb57fab562d2f4fd0a527263a3f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 225483 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 464863232 | Size: 6023 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 477198336 | Size: 5468 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished: << RKreport[5]_S_04012013_025819.txt >>
RKreport[1]_S_04012013_025407.txt ; RKreport[2]_D_04012013_025507.txt ; RKreport[3]_PR_04012013_025727.txt ; RKreport[4]_PR_04012013_025735.txt ; RKreport[5]_S_04012013_025819.txt
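A cross-check of the two scanner logs above, added here as an example and not part of the original post or of either tool: TDSSKiller prints an MD5 for every driver, service and boot record it checks, and the files ESET flagged under C:\Windows\System32\DBBK are themselves named by 32-hex-digit strings. The hash TDSSKiller reports for the infected services.exe (8737764F4FD36D6808EE80578409C843) is one of those DBBK file names, which ties the ESET detection of Win32/Sirefef.FB.Gen to the live services.exe that TDSSKiller cured. The Python below parses both formats and reports such hash matches. The sample lines are constructed from the logs above, and the regular expressions are mine, not the tools' documented grammar.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines in the exact shape of the TDSSKiller and ESET
# logs posted above, with the paths and hashes taken from those logs.
TDSSKILLER_LOG = r"""
17:58:17.0847 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:58:17.0847 1652 Wanarp - ok
17:58:17.0857 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:58:17.0857 1652 Wanarpv6 - ok
17:58:18.0569 1652 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:58:18.0579 1652 WinDefend - ok
17:58:20.0179 1652 [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe
17:58:20.0189 1652 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
17:58:20.0219 1652 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:58:21.0012 1652 \Device\Harddisk0\DR0 - ok
"""

ESET_LOG = r"""
C:\ProgramData\netdislw.js JS/Agent.NID trojan
C:\Users\All Users\netdislw.js JS/Agent.NID trojan
C:\Windows\System32\DBBK\6D5483DA06CB7B45F205C51D87EB6D1A Win32/Sirefef.FA trojan
C:\Windows\System32\DBBK\8737764F4FD36D6808EE80578409C843 Win32/Sirefef.FB.Gen trojan
C:\Windows\System32\DBBK\D30CEF5730C307FC524F11F228C6E8B8 a variant of Win32/Sirefef.FD trojan
"""

# "<time> <pid> [ <md5> ] [<service name>] <path>"; the name is absent in the global and MBR scans.
HASH_LINE = re.compile(
    r"^\S+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
    r"(?:(?P<name>[^\s\\]+)\s+)?"
    r"(?P<path>(?:[A-Za-z]:|\\Device)\\\S.*)$")
# "<time> <pid> <name or path> [( <threat> )] - ok|infected|suspicious"
VERDICT_LINE = re.compile(
    r"^\S+\s+\d+\s+(?P<subject>.+?)(?: \( (?P<threat>[^)]+) \))?"
    r" - (?P<verdict>ok|infected|suspicious)$")
# "<path> [a variant of ]<Family/Name> <kind>"; the detection name always contains a slash.
ESET_LINE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+) (?P<kind>\w+)$")
MD5_FILENAME = re.compile(r"\\(?P<md5>[0-9A-Fa-f]{32})$")


@dataclass
class Entry:
    md5: str
    path: str
    name: Optional[str] = None
    verdict: str = "unscanned"   # stays so if no verdict line follows the hash line
    threat: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each hash line with the verdict line that follows it."""
    entries: List[Entry] = []
    by_subject: Dict[str, Entry] = {}  # verdict lines name the service, or the path when there is none
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            entry = Entry(md5=m["md5"].upper(), path=m["path"], name=m["name"])
            entries.append(entry)
            by_subject[entry.name or entry.path] = entry
            continue
        v = VERDICT_LINE.match(line)
        if v and v["subject"] in by_subject:
            by_subject[v["subject"]].verdict = v["verdict"]
            by_subject[v["subject"]].threat = v["threat"]
    return entries


def parse_eset(text: str) -> List[Tuple[str, str, str]]:
    """Return (path, detection name, kind) for every ESET detection line."""
    return [(m["path"], m["threat"], m["kind"])
            for m in map(ESET_LINE.match, text.splitlines()) if m]


def infected(text: str) -> List[Tuple[str, Optional[str]]]:
    """Paths TDSSKiller did not clear, with the detection name it gave them."""
    return [(e.path, e.threat) for e in parse_tdsskiller(text)
            if e.verdict in ("infected", "suspicious")]


def correlate(tdss_text: str, eset_text: str) -> List[Dict[str, Optional[str]]]:
    """Match ESET files whose *file name* is an MD5 against files TDSSKiller hashed to that MD5."""
    by_md5: Dict[str, List[Entry]] = {}
    for entry in parse_tdsskiller(tdss_text):
        by_md5.setdefault(entry.md5, []).append(entry)
    matches: List[Dict[str, Optional[str]]] = []
    for path, threat, _kind in parse_eset(eset_text):
        m = MD5_FILENAME.search(path)
        if not m:
            continue
        for entry in by_md5.get(m["md5"].upper(), []):
            matches.append({"md5": entry.md5, "live_path": entry.path,
                            "live_verdict": entry.verdict, "live_threat": entry.threat,
                            "eset_path": path, "eset_threat": threat})
    return matches


if __name__ == "__main__":
    for path, threat in infected(TDSSKILLER_LOG):
        print(f"TDSSKiller: {path} -> {threat}")
    for hit in correlate(TDSSKILLER_LOG, ESET_LOG):
        print(f"same MD5 {hit['md5']}: {hit['live_path']} [{hit['live_verdict']}] "
              f"and {hit['eset_path']} [{hit['eset_threat']}]")
```

To run it over full logs, read the two files into the two string variables instead of the inline samples. An entry whose verdict never gets filled in stays "unscanned", which is worth noticing when a scan was interrupted. Two service names sharing one hash at the same path (Wanarp and Wanarpv6 above, both wanarp.sys) is the normal case of one driver registered twice; the code keeps both entries so that either name can be looked up.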
-
Hi,
One last thing, do I have to uninstall and reinstall ComboFix before proceeding?
Luc
-
Hi,
I ran the complete scan of MBAM and things run fine now. Here is the log.
I checked QooBox and those 2 log files can't be found. There is also a folder called BadEnv which I cannot access. Access is denied.
I will get going on executing ComboFix with your script.
Also, I did scan with RegServo but did not change anything in the registry. Just wanted to see what it gave me.
I am generally quite cautious about having software fiddle around with the registry.
Luc
=============================================================
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.07.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18943
Luc Duranleau :: LEONIDAS [administrator]
Protection: Disabled
2013-01-07 20:00:52
mbam-log-2013-01-07 (20-00-52).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443850
Time elapsed: 2 hour(s), 57 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
============================================================
-
Hi,
Here is the ComboFix log. By the way, I needed to reboot as none of my apps could start. An error said that access was denied because a registry entry was to be deleted.
ComboFix 13-01-06.01 - Luc Duranleau 2013-01-07 19:26:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium Edition 6.0.6002.2.1252.2.1036.18.2046.1160 [GMT -5:00]
Launched from: c:\users\Luc Duranleau\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files Created From 2012-12-08 to 2013-01-08 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-08 00:40 . 2013-01-08 00:41 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\temp
2013-01-08 00:40 . 2013-01-08 00:40 -------- d-----w- c:\users\Invité\AppData\Local\temp
2013-01-08 00:40 . 2013-01-08 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-07 19:49 . 2013-01-07 19:49 -------- d-----w- c:\programdata\Apple Computer
2013-01-07 18:59 . 2013-01-07 18:59 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Secunia PSI
2013-01-07 18:58 . 2013-01-07 18:58 -------- d-----w- c:\program files\Secunia
2013-01-07 18:44 . 2013-01-07 18:44 -------- d-----w- c:\program files\FileHippo.com
2013-01-05 19:50 . 2013-01-05 19:50 -------- d-----w- C:\found.000
2013-01-05 19:21 . 2013-01-06 18:11 -------- d-----w- C:\MGADiagToolOutput
2013-01-05 19:11 . 2013-01-05 19:11 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-01-05 16:42 . 2013-01-05 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 16:42 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 14:21 . 2013-01-05 14:21 -------- d-----w- c:\programdata\RegSERVO
2013-01-04 20:32 . 2013-01-07 18:21 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\LogMeIn Rescue Applet
2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners
2013-01-04 19:05 . 2013-01-04 19:05 4729224 ----a-w- c:\windows\uninst.exe
2013-01-04 19:05 . 2013-01-04 19:17 -------- d-----w- c:\programdata\PC1Data
2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PCPro
2013-01-04 16:37 . 2013-01-04 16:37 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Macromedia
2013-01-04 16:36 . 2013-01-04 16:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 16:25 . 2012-11-28 15:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-03 22:58 . 2013-01-03 22:58 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-03 21:13 . 2013-01-03 21:13 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-03 21:13 . 2013-01-03 21:13 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-12-25 07:53 . 2012-12-25 07:53 -------- d-----w- c:\users\Luc Duranleau\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-07 19:47 . 2011-09-11 20:32 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-07 09:58 . 2010-08-25 23:14 56680 ----a-w- c:\windows\system32\rpcnet.dll
2013-01-03 23:00 . 2010-08-29 03:54 279552 ----a-w- c:\windows\system32\services.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-03 21:13 . 2012-04-12 20:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Camera Assistant Software for Toshiba\traybar .exe
c:\program files\ltmoh\Ltmoh .exe
c:\program files\Synaptics\SynTP\SynTPStart .exe
c:\program files\TOSHIBA\Utilities\KeNotify .exe
</pre>.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toscdspd"="TOSCDSPD.EXE" [N/A]
"reminder"="c:\program files\TOSHIBA\reminder\reminder.exe" [2007-05-16 407672]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [N/A]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-13 113664]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PSI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\User_Feed_Synchronization-{74AEAE6A-923F-4414-A6C1-ABCC0714A59C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-29 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.iciwave.com/
uInternet Settings,ProxyServer = fpro.rtss.qc.ca:8080
uInternet Settings,ProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: desjardins.com\accesd.affaires
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-27012286.sys
SafeBoot-75658422.sys
SafeBoot-klmdb.sys
AddRemove-RecoveryFix For Windows(Demo)_is1 - d:\recoveryfix for windows(demo)\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 19:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-01-07 19:46:03
ComboFix-quarantined-files.txt 2013-01-08 00:46
.
Pre-Run: 34,005,401,600 bytes free
Post-Run: 34,037,583,872 bytes free
.
- - End Of File - - C526C874539490441DD84E9F7D995C62
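A check on the Reg Loading Points section of the ComboFix log above, added as an example that is neither ComboFix's own logic nor part of the post: ComboFix appends [N/A] to a Run value when it cannot find the target file, and its <pre> block lists files whose name carries a space before the extension. Three Run values above are [N/A] (toscdspd, SynTPStart, LogMeIn GUI), and for SynTPStart the <pre> block shows c:\program files\Synaptics\SynTP\SynTPStart .exe in the same folder: the autostart target is missing and a renamed file stands where it was. The Python below pairs each missing target with such a renamed twin, so the ones that have one can be examined and restored deliberately rather than guessed at. The excerpt is constructed from the log above, and the pairing rule (one space inserted before the extension) is mine.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: an excerpt in the shape of the ComboFix log above (the <pre>
# block and the Run keys), trimmed to the entries this check is about.
COMBOFIX_EXCERPT = r"""
<pre>
c:\program files\Camera Assistant Software for Toshiba\traybar .exe
c:\program files\Synaptics\SynTP\SynTPStart .exe
c:\program files\TOSHIBA\Utilities\KeNotify .exe
</pre>.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toscdspd"="TOSCDSPD.EXE" [N/A]
"reminder"="c:\program files\TOSHIBA\reminder\reminder.exe" [2007-05-16 407672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [N/A]
"""

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="target" [yyyy-mm-dd size], or "name"="target" [N/A] when ComboFix could not find the file
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" \[(?P<meta>[^\]]*)\]$')


def parse_run_entries(text: str) -> List[Tuple[str, str, str, str]]:
    """(key, value name, target path, metadata) for every value listed under a ...\\Run key."""
    entries: List[Tuple[str, str, str, str]] = []
    key = ""
    for line in text.splitlines():
        k = KEY_LINE.match(line)
        if k:
            key = k["key"]
            continue
        m = RUN_LINE.match(line)
        if m and key.lower().endswith("\\run"):
            entries.append((key, m["name"], m["target"], m["meta"]))
    return entries


def parse_pre_block(text: str) -> List[str]:
    """Paths listed between <pre> and </pre> in a ComboFix log."""
    paths: List[str] = []
    inside = False
    for line in text.splitlines():
        if line.strip() == "<pre>":
            inside = True
        elif line.startswith("</pre>"):
            inside = False
        elif inside and line.strip():
            paths.append(line.strip())
    return paths


def spaced_twin(path: str) -> str:
    """'...\\SynTPStart.exe' -> '...\\SynTPStart .exe', the form the <pre> block lists."""
    return re.sub(r"\.([^.\\]+)$", r" .\1", path)


def missing_targets(text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Run values whose target is missing, each with the space-renamed file beside it, if any."""
    renamed = {p.lower(): p for p in parse_pre_block(text)}   # case-insensitive, original case kept
    report: Dict[str, Dict[str, Optional[str]]] = {}
    for key, name, target, meta in parse_run_entries(text):
        if meta != "N/A":
            continue
        report[name] = {"key": key, "target": target,
                        "twin": renamed.get(spaced_twin(target).lower())}
    return report


if __name__ == "__main__":
    for name, info in missing_targets(COMBOFIX_EXCERPT).items():
        twin = info["twin"] or "no renamed copy found"
        print(f"{name}: {info['target']} is missing; {twin}")
```

The output separates the two cases a practitioner handles differently: a missing target with a renamed twin in place (SynTPStart), which needs a look at both files before anything is restored, and a missing target with nothing beside it (toscdspd, LogMeIn GUI), which is more often a stale autostart entry left behind by an uninstall.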
-
Hi,
Also, the retailer never gave an installation disc. How can I check if the recovery console is installed? If not, would it be located on my computer already?
Luc
-
Hi,
One question. Must I also disable Internet security and UAC?
Luc
-
Hi again,
Here is MBAM log. I will continue with ComboFix now.
Luc
=====================================================================
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.07.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18943
Luc Duranleau :: LEONIDAS [administrator]
Protection: Disabled
2013-01-07 17:11:14
mbam-log-2013-01-07 (17-11-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229201
Time elapsed: 8 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Hi,
Ok. I have updated the database and I am performing the scan.
I will then go forward with ComboFix as detailed in your previous post.
Thanks for your patience,
Luc
-
Hello,
If you check my first entry, you will find the log output for MBAM 1.7 which is the version I updated to.
The log indicates nothing abnormal.
The log from MBAM 1.4 was the one used at the time of the disinfection that caused or indirectly caused the authentication problem.
Luc
-
Hi,
Here are the results.
FileHippo & PSI
All installations updated except those I don't use at all.
Microsoft Safety Scanner
The tool scanned and found no infections.
Luc
-
Hello,
Thanks for your reply.
To finish up on the issues you mentioned:
4) LogMeIn - This seems to be an applet that was downloaded. Nothing is installed and there are no services attached. I deleted the executable.
If there is anything else that needs to be done to get rid of it, let me know.
6) Proxy - this proxy was set up by one of my clients (government health agency). I thought it was de-activated. Please let me know how to completely remove it.
7) The system asks to reactivate the product key. The background is black and at the bottom right hand corner is a label indicating Windows Vista 6002 (copy not genuine). I tried entering the COA product key on the sticker on the back of my computer. To no avail. Tried the telephone activation method through Microsoft support. The 9 sets of 6 digits. To no avail. Tried system restore. System restore fails with error code 0x8000FFFF. Microsoft support tried reloading and rearming licensing components (slsvc and slmgr). To no avail. The Tamper Time Stamp indicates a «T» type tamper and I guess it will not accept anything until that state is resolved.
Updates - I did a Vista update last night. No effect on the licensing problem. I will complete your instructions and get back to you with the results.
Thanks,
Luc
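On item 6 above, as an added example that is not from the thread: the logs posted earlier in the thread report a ProxyServer value of fpro.rtss.qc.ca:8080 under HKCU\...\Internet Settings (RogueKiller and ComboFix) and the same host in Firefox's network.proxy.* preferences, but neither log shows ProxyEnable, and the Firefox line network.proxy.type - 0 means the manual host settings are not in use. Whether traffic actually goes through that proxy is therefore not settled by those lines. The Python audit below takes a `reg export` of the Internet Settings key and a prefs.js and answers two separate questions for each client: is a proxy configured, and is it active. The sample inputs are constructed; ProxyEnable=0 in particular is an assumption, since no posted log contains that value.

```python
import re
from typing import Dict

# Constructed sample inputs.  The proxy values mirror what RogueKiller and ComboFix report
# in the thread.  The .reg layout is what `reg export` of the Internet Settings key produces;
# ProxyEnable=0 is an assumption, since none of the posted logs shows that value.
IE_REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"="fpro.rtss.qc.ca:8080"
"ProxyOverride"="*.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>"
"""

FIREFOX_PREFS_JS = r"""
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("network.proxy.http", "fpro.rtss.qc.ca");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "fpro.rtss.qc.ca");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.socks", "fpro.rtss.qc.ca");
user_pref("network.proxy.socks_port", 8080);
user_pref("network.proxy.type", 0);
"""

# Meaning of network.proxy.type in Firefox.
FF_PROXY_TYPE = {0: "direct (no proxy)", 1: "manual", 2: "PAC script",
                 4: "auto-detect (WPAD)", 5: "use system settings"}
FF_HOST_PREFS = ("network.proxy.http", "network.proxy.ssl", "network.proxy.ftp",
                 "network.proxy.socks", "network.proxy.gopher")

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9A-Fa-f]{8})|"(?P<str>.*)")\s*$')
USER_PREF = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')


def parse_reg_values(text: str) -> Dict[str, object]:
    """Values of a single-key .reg export: dword -> int, string -> str."""
    values: Dict[str, object] = {}
    for line in text.splitlines():
        m = REG_VALUE.match(line)
        if m:
            values[m["name"]] = int(m["dword"], 16) if m["dword"] is not None else m["str"]
    return values


def parse_prefs_js(text: str) -> Dict[str, object]:
    """user_pref("name", value); lines -> dict, with strings, booleans and integers decoded."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue
        raw = m["value"].strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[m["name"]] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[m["name"]] = raw == "true"
        else:
            prefs[m["name"]] = int(raw)
    return prefs


def audit_ie(values: Dict[str, object]) -> Dict[str, object]:
    """WinINet (IE and anything using the system proxy) honours ProxyServer only when ProxyEnable is 1."""
    server = values.get("ProxyServer")
    return {
        "configured": server is not None,
        "active": bool(values.get("ProxyEnable", 0)) and server is not None,
        "server": server,
        "bypass": values.get("ProxyOverride"),
        # delete these to remove the configuration rather than just switch it off
        "remove": [n for n in ("ProxyServer", "ProxyOverride", "ProxyEnable", "AutoConfigURL") if n in values],
    }


def audit_firefox(prefs: Dict[str, object]) -> Dict[str, object]:
    """Firefox uses its network.proxy.* hosts only in manual mode (type 1); type 5 inherits the system proxy."""
    ptype = int(prefs.get("network.proxy.type", 5))  # 5 is the Firefox default
    hosts = {p: prefs[p] for p in FF_HOST_PREFS if p in prefs}
    return {
        "configured": bool(hosts),
        "active": ptype == 1 and bool(hosts),
        "mode": FF_PROXY_TYPE.get(ptype, f"unknown ({ptype})"),
        "inherits_system_proxy": ptype == 5,
        "hosts": hosts,
        "remove": sorted(p for p in prefs if p.startswith("network.proxy.")),
    }


if __name__ == "__main__":
    for client, report in (("IE/WinINet", audit_ie(parse_reg_values(IE_REG_EXPORT))),
                           ("Firefox", audit_firefox(parse_prefs_js(FIREFOX_PREFS_JS)))):
        state = "ACTIVE" if report["active"] else "configured but inactive" if report["configured"] else "none"
        print(f"{client}: proxy {state}; remove {report['remove']}")
```

On the machine itself, `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable` supplies the value the logs leave out. Removal means deleting the values in each report's `remove` list rather than only clearing a checkbox: with network.proxy.type at 5 Firefox inherits the WinINet proxy, so the registry values have to go as well, and a type of 0 does not make the leftover network.proxy.* hosts harmless if the setting is later switched back to manual.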
-
Hello,
I have some new information. From the MGAD tool I get this report.
================================================
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-VP74J-HXBP4-M3C3R
Windows Product Key Hash: YwJKIRZgJO33T76zrufXyl8F+bM=
Windows Product ID: 89578-OEM-7248824-22457
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {990E546B-80F5-4F96-9974-9A5E99DD30AD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.100608-0458
TTS Error: T:20130103161247921-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office Enterprise 2007 - 100 Genuine
Microsoft Office Visio Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{990E546B-80F5-4F96-9974-9A5E99DD30AD}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-M3C3R</PKey><PID>89578-OEM-7248824-22457</PID><PIDType>8</PIDType><SID>S-1-5-21-71766485-4058461557-3020660485</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P200</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V1.80</Version><SMBIOSVersion major="2" minor="4"/><Date>20070927000000.000000+000</Date></BIOS><HWID>24313507018400FA</HWID><UserLCID>0C0C</UserLCID><SystemLCID>040C</SystemLCID><TimeZone>Est(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{9011040C-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73958-640-0000106-57793</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>BAFB54383B18D86</Val><Hash>aWcD5nZ52RuF82J7kJdEZTPyC7w=</Hash><Pid>89388-707-4914746-65431</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0051-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2007</Name><Ver>12</Ver><Val>3AB862DE70D8D86</Val><Hash>UfpXsJvSSVcPufbDdjd0NK73+ug=</Hash><Pid>89405-707-4159871-63630</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="53" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_SLP channel
Activation ID: a4eec485-e375-48b4-8f51-80d13a4086b6
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00144-488-222457-02-3084-6002.0000-0042013
Installation ID: 021315970735941420520484003302453532336402878520721695
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: M3C3R
License Status: Unlicensed
Windows Activation Technologies-->
N/A
HWID Data-->
HWID Hash Current: OgAAAAEAAwABAAIAAQACAAAABAABAAEAJJRW8arbcscoS0aDDB3Suc5w8vQa7LhqZHFKcKxWun0qhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CRESTLNE
FACP TOSCPL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
TCPA Intel CRESTLNE
TMOR PTLTD
SLIC TOSCPL TOSCPL00
OSFR TOSHIB A+2nd ID
APIC INTEL CRESTLNE
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
=================================================================
The TTS error (Tamper Time Stamp) indicates 2013-01-03 16:12.
The Malwarebytes quarantine process occurred at 2013-01-03 16:11 as indicated in the log below.
=================================================================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 913010306
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943
2013-01-03 16:11:28
mbam-log-2013-01-03 (16-11-28).txt
Scan type: Quick scan
Objects scanned: 240398
Time elapsed: 8 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Luc Duranleau\AppData\Local\Temp\wlsidten.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Luc Duranleau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
====================================================================
It is thus certain that the quarantining of the infected files caused or indirectly caused a Mod-Auth event.
Any help will be appreciated to correct the tampering.
If restoring the quarantined files can guarantee proper recovery then fine. But I do not want to reactivate infection.
Thanks for your help,
Luc
-
Hello,
Thanks for responding.
1) Malwarebytes freezing on a Windows file.
It is true that it may be totally unrelated; however, the application reacts identically at all times. It does not react randomly.
As everything freezes (even the cursor), I must hard boot. I am therefore reluctant to use the application with this option until the application can recover from whatever it is trying to do at this point.
2) Restore Malwarebytes quarantined file.
At this moment, I am also reluctant to try this. The main reason is that I feel that Malwarebytes did not directly cause the problem. I fear that the virus reacted to being dislodged and on reboot, it acted upon the licensing components or registry. I would prefer trying to figure out what corrupted the licensing components. Undoing the Malwarebytes quarantine may have more dangerous results and I doubt it would recover the authentication components if it was unaware of the virus's capability to act on being deleted. Besides, I ran the 1.4 version of the application and now have the newest version. Not sure the new version can unquarantine files from prior versions.
3) I have freed space. The C drive now has 32 GB. I will further liberate more space later.
4) I've uninstalled GoToMeeting. LogMeIn is a client used by Microsoft support. I will leave it there for now. There are no passwords involved.
5) I have removed ESET and SuperAntiSpyware
6) The proxy setup was done by one of my government clients. Completely legitimate and I believe deactivated.
7) At the moment, the authentication problem remains.
Here is the DDS log:
DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 10.10.2
Run by Luc Duranleau at 12:35:22 on 2013-01-06
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.903 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
C:\Windows\System32\msdtc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\TOSHIBA\reminder\reminder.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.iciwave.com/
uProxyServer = fpro.rtss.qc.ca:8080
uProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [toscdspd] TOSCDSPD.EXE
uRun: [reminder] c:\program files\toshiba\reminder\reminder.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:153
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.universitas.ca/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{40B794FC-DF11-4363-AA35-A887F298643D} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-30 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\converter\NitroPDFDriverService.exe [2009-12-16 188736]
R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-10 21504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 E2ECAM;ICI Wave Desktop;c:\windows\system32\drivers\wavedt.sys [2009-7-2 89984]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Inspection du réseau Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-01-05 19:50:27 -------- d-sh--w- C:\found.000
2013-01-05 19:21:04 -------- d-----w- C:\MGADiagToolOutput
2013-01-05 16:42:15 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 16:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 14:21:08 -------- d-----w- c:\programdata\RegSERVO
2013-01-05 12:13:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{4D322DC6-38D4-4404-AE5E-AA8CEA28CB51}
2013-01-05 03:56:46 -------- d-----w- c:\program files\ESET
2013-01-05 00:11:29 -------- d-----w- c:\users\luc duranleau\appdata\local\{695DC359-97FD-45DE-AFC4-4D5D75BC709C}
2013-01-04 22:28:25 -------- d-----w- c:\windows\pss
2013-01-04 20:32:08 -------- d-----w- c:\users\luc duranleau\appdata\local\LogMeIn Rescue Applet
2013-01-04 19:05:52 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PC Cleaners
2013-01-04 19:05:49 4729224 ----a-w- c:\windows\uninst.exe
2013-01-04 19:05:45 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PCPro
2013-01-04 19:05:45 -------- d-----w- c:\programdata\PC1Data
2013-01-04 16:37:13 -------- d-----w- c:\users\luc duranleau\appdata\local\Macromedia
2013-01-04 16:36:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 16:25:37 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-04 08:10:19 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-04 04:07:13 -------- d-----w- c:\users\luc duranleau\appdata\local\temp
2013-01-03 22:58:40 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-03 21:13:36 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-01-03 21:13:36 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-01-03 07:56:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{32FA5ED4-70BA-40EC-A81D-066B19C3E061}
2013-01-02 19:54:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{ACCEE121-81E8-4930-B594-8887DACF7984}
2013-01-02 07:52:37 -------- d-----w- c:\users\luc duranleau\appdata\local\{2B906212-FDAB-46A0-AF23-FEFF18D8749D}
2013-01-01 19:50:39 -------- d-----w- c:\users\luc duranleau\appdata\local\{73915535-1E03-46ED-9314-1A25CB2AEA27}
2012-12-29 11:13:18 -------- d-----w- c:\users\luc duranleau\appdata\local\{76D123F2-DB31-41A8-B9DD-B06A1292FE8C}
2012-12-28 23:11:19 -------- d-----w- c:\users\luc duranleau\appdata\local\{EC9AA581-08D1-4673-97A4-7A484B03A6F0}
2012-12-28 11:09:21 -------- d-----w- c:\users\luc duranleau\appdata\local\{936AE10A-319C-492B-B7AF-5F3FD1041E83}
2012-12-27 23:07:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{31FBB0FB-37DF-4C60-88E8-2B0F393E1B2E}
2012-12-27 11:05:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{F105DEFC-4BC5-464A-909B-7CCA243C0A27}
2012-12-26 23:03:26 -------- d-----w- c:\users\luc duranleau\appdata\local\{C684496C-3ECB-45C5-9400-074B8E51EDC3}
2012-12-26 11:01:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{0E861D7D-E0B3-44EF-A2DE-E7340C16DAF6}
2012-12-25 22:59:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{0D38D434-01E3-4481-A0DE-0C11BD61FA49}
2012-12-25 10:57:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{141969F6-0CAD-4229-AAC6-E799F5197547}
2012-12-25 07:53:31 -------- d-----w- c:\users\luc duranleau\dwhelper
2012-12-24 22:55:33 -------- d-----w- c:\users\luc duranleau\appdata\local\{10FFFB29-75FD-4832-8B2F-A75F89E8BBCB}
2012-12-24 10:53:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{646B7131-BFAA-47B0-B558-C869B155BFE2}
2012-12-23 22:51:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{D07EE08D-6575-4D32-A8F3-FED14ED4BBF2}
2012-12-23 10:49:27 -------- d-----w- c:\users\luc duranleau\appdata\local\{10499DB8-EFCF-4A60-B843-B23F6238D1A1}
2012-12-22 22:47:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{5F1A493E-25DE-446A-94B9-AA1FAAA598B6}
2012-12-22 10:45:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{EB32B67B-FAB4-4B0F-A3E4-0F275CCD27A8}
2012-12-21 22:43:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{1DAD070F-820F-40CF-B01C-1DFB3FB8C2E7}
2012-12-21 10:41:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{553BB569-103B-42DC-B1F6-7F1B43317159}
2012-12-20 22:39:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{3B54FB98-1B55-4D86-898B-FCBC3645748E}
2012-12-20 10:37:38 -------- d-----w- c:\users\luc duranleau\appdata\local\{F1549B44-FA56-43EA-90F7-36239662375A}
2012-12-19 22:35:40 -------- d-----w- c:\users\luc duranleau\appdata\local\{62953F73-8502-4198-A67E-0E8E2BCD34B3}
2012-12-19 10:33:42 -------- d-----w- c:\users\luc duranleau\appdata\local\{6B49B4A3-DEBE-4CF5-B234-2C564BD1B322}
2012-12-18 22:31:44 -------- d-----w- c:\users\luc duranleau\appdata\local\{A74AFE14-6DBE-4DF0-8520-B3CE724AA98C}
2012-12-18 10:29:45 -------- d-----w- c:\users\luc duranleau\appdata\local\{CE466F09-2CB8-481B-A3E0-F983A4C5F130}
2012-12-17 22:27:47 -------- d-----w- c:\users\luc duranleau\appdata\local\{266C33E9-9743-4047-8E38-CB204CBABEE5}
2012-12-17 10:25:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{9C69ECC8-4556-4B93-B015-73FFE858D219}
2012-12-16 22:23:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{D1B1D32E-56B8-49EF-B8E2-A00E2330D350}
2012-12-14 11:40:09 -------- d-----w- c:\users\luc duranleau\appdata\local\{2D9E7AF6-734C-491E-AA61-6494852B826A}
2012-12-13 23:38:11 -------- d-----w- c:\users\luc duranleau\appdata\local\{AC7A7BE0-A1EA-4B99-A715-A4E1088EAC9B}
2012-12-13 11:36:12 -------- d-----w- c:\users\luc duranleau\appdata\local\{092FEA48-7B5A-4B4F-8392-F5A3F33F026E}
2012-12-12 23:34:13 -------- d-----w- c:\users\luc duranleau\appdata\local\{68A39303-2272-48B7-BD49-73FD94D6A464}
2012-12-12 09:38:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{20D30901-60E4-43A3-882B-440555C76865}
2012-12-11 21:36:51 -------- d-----w- c:\users\luc duranleau\appdata\local\{8EC65803-55FD-4401-8FAD-77E2770DBF97}
2012-12-11 09:34:54 -------- d-----w- c:\users\luc duranleau\appdata\local\{722802F1-6830-40EA-AB08-C5B2ECB7F63D}
2012-12-10 21:32:55 -------- d-----w- c:\users\luc duranleau\appdata\local\{FA7D0A31-9295-436A-BCBF-112DFCB33175}
2012-12-10 09:30:57 -------- d-----w- c:\users\luc duranleau\appdata\local\{E75802C7-D850-4604-AADE-8A3D6D8F5F07}
2012-12-09 21:28:58 -------- d-----w- c:\users\luc duranleau\appdata\local\{6A55EE3B-B9D5-4439-BE34-231AB84DA53E}
2012-12-09 09:27:00 -------- d-----w- c:\users\luc duranleau\appdata\local\{39A06CBD-5045-4FA7-A8CC-856797DEFD6D}
2012-12-08 21:25:02 -------- d-----w- c:\users\luc duranleau\appdata\local\{3EE74A49-6E03-4CB4-8011-3AD8A756BACE}
2012-12-08 09:23:04 -------- d-----w- c:\users\luc duranleau\appdata\local\{25B68417-46E3-4FB5-AE49-7C4F03B8E552}
2012-12-07 21:21:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{FE4524C0-74E1-4805-8DAA-8BD8A68ABC4D}
.
==================== Find3M ====================
.
2013-01-04 16:36:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-03 23:00:55 279552 ----a-w- c:\windows\system32\services.exe
.
============= FINISH: 12:36:34,16 ===============
ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-12-02 06:53:14
System Uptime: 2013-01-05 21:17:02 (15 hours ago)
.
Motherboard: TOSHIBA | | ISRAA
Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 32,512 GiB free.
D: is FIXED (NTFS) - 5 GiB total, 4,369 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1843: 2012-12-02 04:17:56 - Point de contrôle planifié
RP1844: 2012-12-03 00:00:10 - Point de contrôle planifié
RP1845: 2012-12-04 00:00:10 - Point de contrôle planifié
RP1846: 2012-12-05 15:58:52 - Point de contrôle planifié
RP1847: 2012-12-07 01:27:18 - Point de contrôle planifié
RP1848: 2012-12-08 03:35:14 - Point de contrôle planifié
RP1849: 2012-12-09 00:00:12 - Point de contrôle planifié
RP1850: 2012-12-16 19:32:36 - Point de contrôle planifié
RP1851: 2012-12-17 09:12:18 - Point de contrôle planifié
RP1852: 2012-12-18 00:27:04 - Point de contrôle planifié
RP1853: 2012-12-19 03:20:05 - Point de contrôle planifié
RP1854: 2012-12-20 01:06:01 - Point de contrôle planifié
RP1855: 2012-12-21 02:21:22 - Point de contrôle planifié
RP1856: 2012-12-22 09:45:15 - Point de contrôle planifié
RP1857: 2012-12-23 00:00:11 - Point de contrôle planifié
RP1858: 2012-12-28 21:44:34 - Point de contrôle planifié
RP1859: 2012-12-30 00:00:22 - Point de contrôle planifié
RP1860: 2013-01-03 06:17:53 - Point de contrôle planifié
RP1861: 2013-01-03 18:45:34 - Point de contrôle planifié
RP1863: 2013-01-04 00:40:23 - Removed Java 6 Update 29
RP1864: 2013-01-04 00:43:05 - Removed Ask Toolbar.
RP1866: 2013-01-04 01:46:45 - Malwarebytes Anti-Rootkit Restore Point
RP1868: 2013-01-04 10:41:01 - Panda ZAcccess init
RP1870: 2013-01-04 10:53:00 - Panda ZAcccess Cleanup
RP1871: 2013-01-04 11:23:41 - Installed Java 7 Update 10
RP1872: 2013-01-04 11:43:10 - Installed Adobe Reader X (10.1.0) - Français.
RP1873: 2013-01-04 11:48:16 - Removed Ask Toolbar.
RP1874: 2013-01-04 16:13:08 - Opération de restauration
RP1875: 2013-01-06 01:37:13 - Point de contrôle planifié
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader X (10.1.4) - Français
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Alamoon Watermark v1.4
Apple Software Update
ATI Catalyst Install Manager
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Bluetooth Stack for Windows by Toshiba
Canon Auto Update Service
Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels
Canon G.726 WMP-Decoder
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX40 HS Guide d'utilisation de l'appareil photo
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Codeur Windows Media Série 9
Compatibility Pack for the 2007 Office system
D3DX10
DVD MovieFactory for TOSHIBA
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel Matrix Storage Manager
Java 7 Update 10
Java Auto Updater
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Logiciel Intel® PROSet/Wireless
Malwarebytes Anti-Malware version 1.70.0.1100
Maxtor Backup
Maxtor OneTouch III
mCore
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
mMHouse
Mozilla Firefox 17.0.1 (x86 fr)
Mozilla Maintenance Service
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nitro PDF Professional
PDF Settings
PrimoPDF -- brought to you by Nitro PDF Software
Programme de gestion Camera de Logitech®
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
RecoveryFix For Windows ver 7.06.01
reminder
Réducteur de bruit lect. CD/DVD
Screen-Cut
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skins
Sybase PowerAMC 11.0
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HD DVD PLAYER
TOSHIBA Mot de passe responsable
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
UltraEdit-32 Uninstall
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Utility Common Driver
VLC media player 2.0.2
wavedesktop_1_5
Windows Live
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== End Of File ===========================
-
Hello to the Malwarebytes team,
I have proceeded as requested and I have posted a new topic here.
I have also copied my previous correspondence which details what I did previously.
I also installed the latest version of Malwarebytes. I tried to perform a complete scan and
the software completely freezes my computer when scanning the following file.
C:\Program Files\Common Files\Microsoft Shared\MODI\12.0\MSPFILT.DLL
I do not know if this file has a problem but the application forced a hard reset, which is not too good in any case.
I then performed a quick scan. Here is the log.
Malwarebytes log
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.05.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18943
Luc Duranleau :: LEONIDAS [administrator]
Protection: Disabled
2013-01-05 13:20:22
mbam-log-2013-01-05 (13-20-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228485
Time elapsed: 8 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS
As requested, I performed a DDS scan.
Here are the 2 log files.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 10.10.2
Run by Luc Duranleau at 13:33:04 on 2013-01-05
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.978 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
C:\Windows\System32\msdtc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\iashost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\reminder\reminder.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.iciwave.com/
uProxyServer = fpro.rtss.qc.ca:8080
uProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [toscdspd] TOSCDSPD.EXE
uRun: [reminder] c:\program files\toshiba\reminder\reminder.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:153
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.universitas.ca/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{40B794FC-DF11-4363-AA35-A887F298643D} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-30 47640]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\converter\NitroPDFDriverService.exe [2009-12-16 188736]
R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-10 21504]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-5 40776]
S2 E2ECAM;ICI Wave Desktop;c:\windows\system32\drivers\wavedt.sys [2009-7-2 89984]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Inspection du réseau Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-01-05 17:30:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-05 16:42:15 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 16:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 14:21:08 -------- d-----w- c:\programdata\RegSERVO
2013-01-05 14:21:00 -------- d-----w- c:\program files\REGSERVO
2013-01-05 12:13:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{4D322DC6-38D4-4404-AE5E-AA8CEA28CB51}
2013-01-05 03:56:46 -------- d-----w- c:\program files\ESET
2013-01-05 00:11:29 -------- d-----w- c:\users\luc duranleau\appdata\local\{695DC359-97FD-45DE-AFC4-4D5D75BC709C}
2013-01-04 22:28:25 -------- d-----w- c:\windows\pss
2013-01-04 20:32:08 -------- d-----w- c:\users\luc duranleau\appdata\local\LogMeIn Rescue Applet
2013-01-04 19:05:52 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PC Cleaners
2013-01-04 19:05:49 4729224 ----a-w- c:\windows\uninst.exe
2013-01-04 19:05:45 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PCPro
2013-01-04 19:05:45 -------- d-----w- c:\programdata\PC1Data
2013-01-04 16:37:13 -------- d-----w- c:\users\luc duranleau\appdata\local\Macromedia
2013-01-04 16:36:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 16:25:37 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-04 08:10:19 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-04 04:07:13 -------- d-----w- c:\users\luc duranleau\appdata\local\temp
2013-01-03 22:58:40 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-03 21:13:36 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-01-03 21:13:36 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-01-03 07:56:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{32FA5ED4-70BA-40EC-A81D-066B19C3E061}
2013-01-02 19:54:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{ACCEE121-81E8-4930-B594-8887DACF7984}
2013-01-02 07:52:37 -------- d-----w- c:\users\luc duranleau\appdata\local\{2B906212-FDAB-46A0-AF23-FEFF18D8749D}
2013-01-01 19:50:39 -------- d-----w- c:\users\luc duranleau\appdata\local\{73915535-1E03-46ED-9314-1A25CB2AEA27}
2012-12-29 11:13:18 -------- d-----w- c:\users\luc duranleau\appdata\local\{76D123F2-DB31-41A8-B9DD-B06A1292FE8C}
2012-12-28 23:11:19 -------- d-----w- c:\users\luc duranleau\appdata\local\{EC9AA581-08D1-4673-97A4-7A484B03A6F0}
2012-12-28 11:09:21 -------- d-----w- c:\users\luc duranleau\appdata\local\{936AE10A-319C-492B-B7AF-5F3FD1041E83}
2012-12-27 23:07:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{31FBB0FB-37DF-4C60-88E8-2B0F393E1B2E}
2012-12-27 11:05:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{F105DEFC-4BC5-464A-909B-7CCA243C0A27}
2012-12-26 23:03:26 -------- d-----w- c:\users\luc duranleau\appdata\local\{C684496C-3ECB-45C5-9400-074B8E51EDC3}
2012-12-26 11:01:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{0E861D7D-E0B3-44EF-A2DE-E7340C16DAF6}
2012-12-25 22:59:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{0D38D434-01E3-4481-A0DE-0C11BD61FA49}
2012-12-25 10:57:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{141969F6-0CAD-4229-AAC6-E799F5197547}
2012-12-25 07:53:31 -------- d-----w- c:\users\luc duranleau\dwhelper
2012-12-24 22:55:33 -------- d-----w- c:\users\luc duranleau\appdata\local\{10FFFB29-75FD-4832-8B2F-A75F89E8BBCB}
2012-12-24 10:53:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{646B7131-BFAA-47B0-B558-C869B155BFE2}
2012-12-23 22:51:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{D07EE08D-6575-4D32-A8F3-FED14ED4BBF2}
2012-12-23 10:49:27 -------- d-----w- c:\users\luc duranleau\appdata\local\{10499DB8-EFCF-4A60-B843-B23F6238D1A1}
2012-12-22 22:47:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{5F1A493E-25DE-446A-94B9-AA1FAAA598B6}
2012-12-22 10:45:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{EB32B67B-FAB4-4B0F-A3E4-0F275CCD27A8}
2012-12-21 22:43:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{1DAD070F-820F-40CF-B01C-1DFB3FB8C2E7}
2012-12-21 10:41:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{553BB569-103B-42DC-B1F6-7F1B43317159}
2012-12-20 22:39:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{3B54FB98-1B55-4D86-898B-FCBC3645748E}
2012-12-20 10:37:38 -------- d-----w- c:\users\luc duranleau\appdata\local\{F1549B44-FA56-43EA-90F7-36239662375A}
2012-12-19 22:35:40 -------- d-----w- c:\users\luc duranleau\appdata\local\{62953F73-8502-4198-A67E-0E8E2BCD34B3}
2012-12-19 10:33:42 -------- d-----w- c:\users\luc duranleau\appdata\local\{6B49B4A3-DEBE-4CF5-B234-2C564BD1B322}
2012-12-18 22:31:44 -------- d-----w- c:\users\luc duranleau\appdata\local\{A74AFE14-6DBE-4DF0-8520-B3CE724AA98C}
2012-12-18 10:29:45 -------- d-----w- c:\users\luc duranleau\appdata\local\{CE466F09-2CB8-481B-A3E0-F983A4C5F130}
2012-12-17 22:27:47 -------- d-----w- c:\users\luc duranleau\appdata\local\{266C33E9-9743-4047-8E38-CB204CBABEE5}
2012-12-17 10:25:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{9C69ECC8-4556-4B93-B015-73FFE858D219}
2012-12-16 22:23:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{D1B1D32E-56B8-49EF-B8E2-A00E2330D350}
2012-12-14 11:40:09 -------- d-----w- c:\users\luc duranleau\appdata\local\{2D9E7AF6-734C-491E-AA61-6494852B826A}
2012-12-13 23:38:11 -------- d-----w- c:\users\luc duranleau\appdata\local\{AC7A7BE0-A1EA-4B99-A715-A4E1088EAC9B}
2012-12-13 11:36:12 -------- d-----w- c:\users\luc duranleau\appdata\local\{092FEA48-7B5A-4B4F-8392-F5A3F33F026E}
2012-12-12 23:34:13 -------- d-----w- c:\users\luc duranleau\appdata\local\{68A39303-2272-48B7-BD49-73FD94D6A464}
2012-12-12 09:38:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{20D30901-60E4-43A3-882B-440555C76865}
2012-12-11 21:36:51 -------- d-----w- c:\users\luc duranleau\appdata\local\{8EC65803-55FD-4401-8FAD-77E2770DBF97}
2012-12-11 09:34:54 -------- d-----w- c:\users\luc duranleau\appdata\local\{722802F1-6830-40EA-AB08-C5B2ECB7F63D}
2012-12-10 21:32:55 -------- d-----w- c:\users\luc duranleau\appdata\local\{FA7D0A31-9295-436A-BCBF-112DFCB33175}
2012-12-10 09:30:57 -------- d-----w- c:\users\luc duranleau\appdata\local\{E75802C7-D850-4604-AADE-8A3D6D8F5F07}
2012-12-09 21:28:58 -------- d-----w- c:\users\luc duranleau\appdata\local\{6A55EE3B-B9D5-4439-BE34-231AB84DA53E}
2012-12-09 09:27:00 -------- d-----w- c:\users\luc duranleau\appdata\local\{39A06CBD-5045-4FA7-A8CC-856797DEFD6D}
2012-12-08 21:25:02 -------- d-----w- c:\users\luc duranleau\appdata\local\{3EE74A49-6E03-4CB4-8011-3AD8A756BACE}
2012-12-08 09:23:04 -------- d-----w- c:\users\luc duranleau\appdata\local\{25B68417-46E3-4FB5-AE49-7C4F03B8E552}
2012-12-07 21:21:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{FE4524C0-74E1-4805-8DAA-8BD8A68ABC4D}
2012-12-07 09:19:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{DE7BA250-8693-43E4-845A-5186259CFBC2}
2012-12-06 21:17:07 -------- d-----w- c:\users\luc duranleau\appdata\local\{F0CBD7CB-D33F-4519-9CA8-BC0B04468960}
.
==================== Find3M ====================
.
2013-01-04 16:36:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-03 23:00:55 279552 ----a-w- c:\windows\system32\services.exe
.
============= FINISH: 13:34:14,30 ===============
ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-12-02 06:53:14
System Uptime: 2013-01-05 13:15:00 (0 hours ago)
.
Motherboard: TOSHIBA | | ISRAA
Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 31,699 GiB free.
D: is FIXED (NTFS) - 5 GiB total, 4,369 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader X (10.1.4) - Français
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Alamoon Watermark v1.4
Apple Software Update
ATI Catalyst Install Manager
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Bluetooth Stack for Windows by Toshiba
Canon Auto Update Service
Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels
Canon G.726 WMP-Decoder
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX40 HS Guide d'utilisation de l'appareil photo
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Codeur Windows Media Série 9
Compatibility Pack for the 2007 Office system
D3DX10
Diablo II
DVD MovieFactory for TOSHIBA
ESET Online Scanner v3
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
GoToMeeting 4.8.0.723
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel Matrix Storage Manager
Java 7 Update 10
Java Auto Updater
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Logiciel Intel® PROSet/Wireless
Malwarebytes Anti-Malware version 1.70.0.1100
Maxtor Backup
Maxtor OneTouch III
mCore
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
mMHouse
Mozilla Firefox 17.0.1 (x86 fr)
Mozilla Maintenance Service
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nitro PDF Professional
PDF Settings
PrimoPDF -- brought to you by Nitro PDF Software
Programme de gestion Camera de Logitech®
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
RecoveryFix For Windows ver 7.06.01
REGSERVO
reminder
Réducteur de bruit lect. CD/DVD
Screen-Cut
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skins
SUPERAntiSpyware
Sybase PowerAMC 11.0
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HD DVD PLAYER
TOSHIBA Mot de passe responsable
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
UltraEdit-32 Uninstall
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Utility Common Driver
VLC media player 2.0.2
wavedesktop_1_5
Windows Live
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== End Of File ===========================
===============================================
Previous correspondence
Part 1
Hello to the Malwarebytes team,
I have come across a serious problem after running the Malwarebytes application.
It detected the following trojans in separate sequences.
1) Exploit.Drop.GS and Trojan.Ransom.SuGen
I simply executed the cleaning MalwareBytes suggested. It then rebooted.
Here is the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 913010306
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943
2013-01-03 16:11:28
mbam-log-2013-01-03 (16-11-28).txt
Scan type: Quick scan
Objects scanned: 240398
Time elapsed: 8 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Luc Duranleau\AppData\Local\Temp\wlsidten.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Luc Duranleau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
2) Running Malwarebytes again, it found RootKit.0Access
Again, I simply executed the cleaning MalwareBytes suggested. It then rebooted.
Here is the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 913010306
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
2013-01-03 16:32:15
mbam-log-2013-01-03 (16-32-15).txt
Scan type: Quick scan
Objects scanned: 242891
Time elapsed: 12 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Delete on reboot.
Problem
At this time, the Windows licensing process has been corrupted and the OS continuously asks me to authenticate my OS with my product key.
All attempts to activate fail. Even Microsoft support failed to reactivate my OS.
Is there something Malwarebytes did that can be recovered so that my licensing process functions properly?
Thanks for your support,
Luc
Part 2
Hello,
Thanks for your reply.
I have since cleaned the computer and no longer have the trojans. Used TDSSKiller, RogueKiller, ESET and Malwarebytes. Computer is clean.
I have looked at the application event logs, and warnings and errors for winlogon occur at around the same time Malwarebytes was executed and the logs were generated. My guess is that Malwarebytes cleaned an infection but in so doing provoked, or indirectly provoked, a modification as indicated in this event error.
-
<Event xmlns="http://schemas.micro...08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Licensing-SLC" Guid="{1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}" EventSourceName="Software Licensing Service" />
<EventID Qualifiers="16384">12291</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-03T21:12:43.000Z" />
<EventRecordID>33597</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>LEONIDAS</Computer>
<Security />
</System>
<EventData>
<Data>hr=0xC004D301</Data>
</EventData>
</Event>
Hope this helps.
Luc
Malwarebytes affects Windows licensing authentication
in Resolved Malware Removal Logs
Posted
Good morning,
Yes, I am still here. I have been working with Microsoft on this issue; however, there have been a few screw-ups on their part while trying to send me the proper Vista DVD in order to do a repair install.
Should be able to give you some feedback sometime at the beginning of next week.
Lucas