
Trojan.Dropper.BCMiner



Hi, have discovered I've got Trojan.Dropper.BCMiner on my machine. Here are the requested logs.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30

Run by Matt at 15:04:29 on 2012-06-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1913.627 [GMT 10:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://toshiba.msn.com

uDefault_Page_URL = hxxp://toshiba.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.138

TCP: Interfaces\{B9041FC5-07D3-4F86-AD86-C73BC146F422} : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{B9041FC5-07D3-4F86-AD86-C73BC146F422}\46C696E6B6 : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12

TCP: Interfaces\{B9041FC5-07D3-4F86-AD86-C73BC146F422}\F40545553514533413539303 : DhcpNameServer = 10.1.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\vwa2a0jb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.inthemix.com.au/forum/forumdisplay.php?forumid=4

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SCMNdisP;General NDIS Protocol Driver;C:\windows\system32\DRIVERS\scmndisp.sys --> C:\windows\system32\DRIVERS\scmndisp.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-11 46448]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-6-30 1811456]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-29 654408]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2011-6-30 126392]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [2011-6-30 103792]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [2011-6-30 126392]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-27 1153368]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-11-21 285152]

R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-30 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-6 137560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-20 129976]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-23 03:56:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7639AB0-1CAF-4334-B7D2-E2F3F064F2AE}\mpengine.dll

.

==================== Find3M ====================

.

2012-04-04 05:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

.

============= FINISH: 15:05:38.36 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 29/06/2011 7:23:50 PM

System Uptime: 23/06/2012 2:50:29 PM (1 hours ago)

.

Motherboard: TOSHIBA | | PWWAM

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 383.277 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: NAVEX15

Device ID: ROOT\LEGACY_NAVEX15\0000

Manufacturer:

Name: NAVEX15

PNP Device ID: ROOT\LEGACY_NAVEX15\0000

Service: NAVEX15

.

==== System Restore Points ===================

.

RP84: 5/06/2012 8:05:35 AM - Windows Update

RP85: 8/06/2012 6:08:06 PM - Windows Update

RP87: 9/06/2012 12:11:17 PM - Windows Defender Checkpoint

RP89: 11/06/2012 7:04:36 PM - Windows Defender Checkpoint

RP90: 12/06/2012 5:01:40 PM - Windows Update

RP91: 15/06/2012 6:56:11 PM - Windows Update

RP92: 15/06/2012 7:54:40 PM - Windows Update

RP93: 17/06/2012 10:11:08 AM - Windows Update

RP94: 19/06/2012 6:56:18 PM - Windows Update

RP95: 22/06/2012 5:00:46 PM - Windows Update

RP96: 23/06/2012 1:41:53 PM - Restore Operation

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Amazon Kindle For PC v1.1

Bejeweled 2 Deluxe

Bejeweled 3

BigPond Broadband ADSL

Build-a-lot 2

Canon MOV Decoder

Canon Utilities Digital Photo Professional 3.8

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Chuzzle Deluxe

Facebook Video Calling 1.2.0.159

FATE

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 30

Jewel Match 3

Jewel Quest - Heritage

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Security Scan Plus

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 12.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

NETGEAR WNA3100 wireless USB 2.0 adapter

Norton Internet Security

Norton Online Backup

Norton PC Checkup

PhotoScape

Plants vs. Zombies

Polar Bowler

Rainbow Web 2

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Skype Toolbars

Skype™ 4.2

Spybot - Search & Destroy

SpywareBlaster 4.4

System Requirements Lab for Intel

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Utility Common Driver

Virtual Villagers 4 - The Tree of Life

Wheel of Fortune 2

WildTangent Games

WildTangent Games App (Toshiba Games)

Winamp

Winamp Detector Plug-in

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

23/06/2012 2:51:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

23/06/2012 2:50:37 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

23/06/2012 2:50:37 PM, Error: SRTSP [4] - Error loading virus definitions.

22/06/2012 7:30:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

19/06/2012 6:45:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

19/06/2012 11:10:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

18/06/2012 7:13:02 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address 38-60-77-A0-A6-D6. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================

Any help appreciated


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC

------->Logs will be closed if you haven't replied within 3 days!<--------


Hi MrC, thanks for getting back to me, here's the report

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Matt [Admin rights]

Mode: Scan -- Date: 06/23/2012 22:59:22

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- C:\windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSXN +++++

--- User ---

[MBR] 2c9e9dafd99063491270344f0d2bad73

[bSP] 777d2c06fad2dfdc09827059c52ec5f4 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 466017 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 957476864 | Size: 9422 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


OK, run RogueKiller again > click Scan > it should automatically kill this one:

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- C:\windows\SysWOW64\svchost.exe -> KILLED [TermProc]

-------------------------------------

Then........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Ran RogueKiller, it showed 1 KILLED [TermProc], Status: C:\windows\SysWOW64\svchost.exe

Created restore point

TDSSKiller log:

23:35:39.0173 5044 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

23:35:40.0156 5044 ============================================================

23:35:40.0156 5044 Current date / time: 2012/06/23 23:35:40.0156

23:35:40.0156 5044 SystemInfo:

23:35:40.0156 5044

23:35:40.0156 5044 OS Version: 6.1.7601 ServicePack: 1.0

23:35:40.0156 5044 Product type: Workstation

23:35:40.0156 5044 ComputerName: C660

23:35:40.0156 5044 UserName: Matt

23:35:40.0156 5044 Windows directory: C:\windows

23:35:40.0156 5044 System windows directory: C:\windows

23:35:40.0156 5044 Running under WOW64

23:35:40.0156 5044 Processor architecture: Intel x64

23:35:40.0156 5044 Number of processors: 2

23:35:40.0156 5044 Page size: 0x1000

23:35:40.0156 5044 Boot type: Normal boot

23:35:40.0156 5044 ============================================================

23:35:40.0764 5044 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:35:40.0780 5044 ============================================================

23:35:40.0780 5044 \Device\Harddisk0\DR0:

23:35:40.0780 5044 MBR partitions:

23:35:40.0780 5044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38E30800

23:35:40.0780 5044 ============================================================

23:35:40.0796 5044 C: <-> \Device\Harddisk0\DR0\Partition0

23:35:40.0796 5044 ============================================================

23:35:40.0796 5044 Initialize success

23:35:40.0796 5044 ============================================================

23:36:00.0343 2828 ============================================================

23:36:00.0343 2828 Scan started

23:36:00.0343 2828 Mode: Manual; SigCheck; TDLFS;

23:36:00.0343 2828 ============================================================

23:36:11.0840 2828 IconMan_R (4de2ee2a5186d74babc4e7f60d2ae989) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

23:36:11.0902 2828 IconMan_R ( UnsignedFile.Multi.Generic ) - warning

23:36:11.0902 2828 IconMan_R - detected UnsignedFile.Multi.Generic (1)


23:36:23.0259 2828 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

23:36:23.0306 2828 QWAVEdrv - ok

23:36:23.0321 2828 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

23:36:23.0353 2828 RasAcd - ok

23:36:23.0384 2828 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

23:36:23.0415 2828 RasAgileVpn - ok

23:36:23.0446 2828 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

23:36:23.0493 2828 RasAuto - ok

23:36:23.0540 2828 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

23:36:23.0587 2828 Rasl2tp - ok

23:36:23.0618 2828 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

23:36:23.0665 2828 RasMan - ok

23:36:23.0696 2828 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

23:36:23.0758 2828 RasPppoe - ok

23:36:23.0774 2828 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

23:36:23.0852 2828 RasSstp - ok

23:36:23.0883 2828 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

23:36:23.0961 2828 rdbss - ok

23:36:23.0992 2828 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

23:36:24.0023 2828 rdpbus - ok

23:36:24.0055 2828 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

23:36:24.0117 2828 RDPCDD - ok

23:36:24.0148 2828 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

23:36:24.0211 2828 RDPENCDD - ok

23:36:24.0242 2828 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

23:36:24.0273 2828 RDPREFMP - ok

23:36:24.0320 2828 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys

23:36:24.0382 2828 RDPWD - ok

23:36:24.0429 2828 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

23:36:24.0460 2828 rdyboost - ok

23:36:24.0491 2828 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

23:36:24.0538 2828 RemoteAccess - ok

23:36:24.0569 2828 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

23:36:24.0632 2828 RemoteRegistry - ok

23:36:24.0647 2828 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

23:36:24.0710 2828 RpcEptMapper - ok

23:36:24.0757 2828 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

23:36:24.0788 2828 RpcLocator - ok

23:36:24.0835 2828 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

23:36:24.0866 2828 RpcSs - ok

23:36:24.0913 2828 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

23:36:24.0944 2828 rspndr - ok

23:36:24.0991 2828 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys

23:36:24.0991 2828 RSUSBSTOR - ok

23:36:25.0037 2828 RTL8167 (3e70f9ca3eeb22affaac1a4861a303dc) C:\windows\system32\DRIVERS\Rt64win7.sys

23:36:25.0053 2828 RTL8167 - ok

23:36:25.0115 2828 RTL8192Ce (ffc748d848740d1bc8f330a8879c2674) C:\windows\system32\DRIVERS\rtl8192Ce.sys

23:36:25.0131 2828 RTL8192Ce - ok

23:36:25.0162 2828 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

23:36:25.0178 2828 SamSs - ok

23:36:25.0225 2828 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

23:36:25.0240 2828 sbp2port - ok

23:36:25.0396 2828 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

23:36:25.0427 2828 SBSDWSCService - ok

23:36:25.0459 2828 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

23:36:25.0505 2828 SCardSvr - ok

23:36:25.0552 2828 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

23:36:25.0615 2828 scfilter - ok

23:36:25.0693 2828 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

23:36:25.0755 2828 Schedule - ok

23:36:25.0802 2828 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\windows\system32\DRIVERS\scmndisp.sys

23:36:25.0802 2828 SCMNdisP - ok

23:36:25.0849 2828 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

23:36:25.0895 2828 SCPolicySvc - ok

23:36:25.0911 2828 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

23:36:25.0989 2828 SDRSVC - ok

23:36:26.0020 2828 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

23:36:26.0067 2828 secdrv - ok

23:36:26.0098 2828 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

23:36:26.0161 2828 seclogon - ok

23:36:26.0192 2828 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

23:36:26.0223 2828 SENS - ok

23:36:26.0254 2828 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

23:36:26.0270 2828 SensrSvc - ok

23:36:26.0317 2828 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

23:36:26.0332 2828 Serenum - ok

23:36:26.0379 2828 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

23:36:26.0395 2828 Serial - ok

23:36:26.0426 2828 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

23:36:26.0441 2828 sermouse - ok

23:36:26.0504 2828 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

23:36:26.0566 2828 SessionEnv - ok

23:36:26.0597 2828 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

23:36:26.0675 2828 sffdisk - ok

23:36:26.0707 2828 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

23:36:26.0753 2828 sffp_mmc - ok

23:36:26.0769 2828 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

23:36:26.0816 2828 sffp_sd - ok

23:36:26.0847 2828 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

23:36:26.0863 2828 sfloppy - ok

23:36:26.0909 2828 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

23:36:26.0941 2828 Sftfs - ok

23:36:27.0050 2828 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

23:36:27.0081 2828 sftlist - ok

23:36:27.0097 2828 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

23:36:27.0112 2828 Sftplay - ok

23:36:27.0143 2828 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

23:36:27.0159 2828 Sftredir - ok

23:36:27.0159 2828 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

23:36:27.0175 2828 Sftvol - ok

23:36:27.0206 2828 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

23:36:27.0206 2828 sftvsa - ok

23:36:27.0253 2828 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

23:36:27.0315 2828 SharedAccess - ok

23:36:27.0362 2828 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

23:36:27.0424 2828 ShellHWDetection - ok

23:36:27.0471 2828 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

23:36:27.0487 2828 SiSRaid2 - ok

23:36:27.0502 2828 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

23:36:27.0518 2828 SiSRaid4 - ok

23:36:27.0533 2828 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

23:36:27.0565 2828 Smb - ok

23:36:27.0596 2828 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

23:36:27.0627 2828 SNMPTRAP - ok

23:36:27.0658 2828 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

23:36:27.0674 2828 spldr - ok

23:36:27.0721 2828 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

23:36:27.0767 2828 Spooler - ok

23:36:27.0892 2828 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

23:36:28.0048 2828 sppsvc - ok

23:36:28.0142 2828 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

23:36:28.0204 2828 sppuinotify - ok

23:36:28.0298 2828 SRTSP (6820b710c7225d489223d4a6e1ac3e16) C:\windows\system32\drivers\NISx64\1105000.07F\SRTSP64.SYS

23:36:28.0329 2828 SRTSP - ok

23:36:28.0345 2828 SRTSPX (7159e3dea683fd88c10da6cf9997162f) C:\windows\system32\drivers\NISx64\1105000.07F\SRTSPX64.SYS

23:36:28.0360 2828 SRTSPX - ok

23:36:28.0407 2828 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

23:36:28.0485 2828 srv - ok

23:36:28.0516 2828 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

23:36:28.0563 2828 srv2 - ok

23:36:28.0594 2828 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

23:36:28.0610 2828 srvnet - ok

23:36:28.0657 2828 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

23:36:28.0719 2828 SSDPSRV - ok

23:36:28.0750 2828 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

23:36:28.0781 2828 SstpSvc - ok

23:36:28.0813 2828 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\windows\system32\DRIVERS\ssudmdm.sys

23:36:28.0828 2828 ssudmdm - ok

23:36:28.0859 2828 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

23:36:28.0875 2828 stexstor - ok

23:36:28.0922 2828 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

23:36:28.0969 2828 stisvc - ok

23:36:29.0015 2828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

23:36:29.0031 2828 swenum - ok

23:36:29.0062 2828 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

23:36:29.0125 2828 swprv - ok

23:36:29.0203 2828 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

23:36:29.0218 2828 SynTP - ok

23:36:29.0312 2828 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

23:36:29.0374 2828 SysMain - ok

23:36:29.0468 2828 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

23:36:29.0530 2828 TabletInputService - ok

23:36:29.0577 2828 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

23:36:29.0655 2828 TapiSrv - ok

23:36:29.0702 2828 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

23:36:29.0749 2828 TBS - ok

23:36:29.0858 2828 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

23:36:29.0905 2828 Tcpip - ok

23:36:30.0092 2828 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

23:36:30.0139 2828 TCPIP6 - ok

23:36:30.0248 2828 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

23:36:30.0326 2828 tcpipreg - ok

23:36:30.0373 2828 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

23:36:30.0388 2828 tdcmdpst - ok

23:36:30.0419 2828 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

23:36:30.0451 2828 TDPIPE - ok

23:36:30.0482 2828 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

23:36:30.0513 2828 TDTCP - ok

23:36:30.0575 2828 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

23:36:30.0607 2828 tdx - ok

23:36:30.0638 2828 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

23:36:30.0653 2828 TermDD - ok

23:36:30.0700 2828 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

23:36:30.0778 2828 TermService - ok

23:36:30.0809 2828 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

23:36:30.0841 2828 Themes - ok

23:36:30.0887 2828 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

23:36:30.0919 2828 THREADORDER - ok

23:36:30.0997 2828 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

23:36:31.0028 2828 TMachInfo - ok

23:36:31.0059 2828 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe

23:36:31.0075 2828 TODDSrv - ok

23:36:31.0199 2828 TosCoSrv (bdbe7a21e1de76d92f566aa80546aa4c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

23:36:31.0215 2828 TosCoSrv - ok

23:36:31.0262 2828 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

23:36:31.0262 2828 TOSHIBA HDD SSD Alert Service - ok

23:36:31.0309 2828 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

23:36:31.0371 2828 TrkWks - ok

23:36:31.0433 2828 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

23:36:31.0496 2828 TrustedInstaller - ok

23:36:31.0558 2828 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

23:36:31.0636 2828 tssecsrv - ok

23:36:31.0683 2828 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

23:36:31.0730 2828 TsUsbFlt - ok

23:36:31.0792 2828 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

23:36:31.0870 2828 tunnel - ok

23:36:31.0917 2828 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

23:36:31.0917 2828 TVALZ - ok

23:36:31.0948 2828 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

23:36:31.0964 2828 uagp35 - ok

23:36:31.0995 2828 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

23:36:32.0042 2828 udfs - ok

23:36:32.0073 2828 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

23:36:32.0073 2828 UI0Detect - ok

23:36:32.0120 2828 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

23:36:32.0135 2828 uliagpkx - ok

23:36:32.0167 2828 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

23:36:32.0213 2828 umbus - ok

23:36:32.0245 2828 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

23:36:32.0260 2828 UmPass - ok

23:36:32.0307 2828 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

23:36:32.0401 2828 upnphost - ok

23:36:32.0447 2828 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

23:36:32.0479 2828 usbccgp - ok

23:36:32.0510 2828 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

23:36:32.0525 2828 usbcir - ok

23:36:32.0557 2828 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

23:36:32.0588 2828 usbehci - ok

23:36:32.0635 2828 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

23:36:32.0666 2828 usbhub - ok

23:36:32.0697 2828 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

23:36:32.0728 2828 usbohci - ok

23:36:32.0759 2828 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

23:36:32.0791 2828 usbprint - ok

23:36:32.0822 2828 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

23:36:32.0869 2828 USBSTOR - ok

23:36:32.0931 2828 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys

23:36:32.0962 2828 usbuhci - ok

23:36:33.0040 2828 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

23:36:33.0071 2828 usbvideo - ok

23:36:33.0087 2828 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

23:36:33.0134 2828 UxSms - ok

23:36:33.0165 2828 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

23:36:33.0181 2828 VaultSvc - ok

23:36:33.0227 2828 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

23:36:33.0243 2828 vdrvroot - ok

23:36:33.0290 2828 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

23:36:33.0337 2828 vds - ok

23:36:33.0368 2828 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

23:36:33.0383 2828 vga - ok

23:36:33.0415 2828 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

23:36:33.0461 2828 VgaSave - ok

23:36:33.0508 2828 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

23:36:33.0524 2828 vhdmp - ok

23:36:33.0571 2828 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

23:36:33.0586 2828 viaide - ok

23:36:33.0617 2828 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

23:36:33.0633 2828 volmgr - ok

23:36:33.0695 2828 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

23:36:33.0711 2828 volmgrx - ok

23:36:33.0758 2828 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

23:36:33.0773 2828 volsnap - ok

23:36:33.0805 2828 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

23:36:33.0820 2828 vsmraid - ok

23:36:33.0898 2828 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

23:36:33.0976 2828 VSS - ok

23:36:34.0085 2828 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

23:36:34.0117 2828 vwifibus - ok

23:36:34.0132 2828 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

23:36:34.0179 2828 vwififlt - ok

23:36:34.0241 2828 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

23:36:34.0273 2828 W32Time - ok

23:36:34.0304 2828 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

23:36:34.0335 2828 WacomPen - ok

23:36:34.0397 2828 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

23:36:34.0491 2828 WANARP - ok

23:36:34.0491 2828 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

23:36:34.0522 2828 Wanarpv6 - ok

23:36:34.0631 2828 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

23:36:34.0678 2828 WatAdminSvc - ok

23:36:34.0756 2828 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

23:36:34.0850 2828 wbengine - ok

23:36:34.0943 2828 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

23:36:34.0975 2828 WbioSrvc - ok

23:36:35.0021 2828 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

23:36:35.0053 2828 wcncsvc - ok

23:36:35.0084 2828 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

23:36:35.0115 2828 WcsPlugInService - ok

23:36:35.0162 2828 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

23:36:35.0162 2828 Wd - ok

23:36:35.0193 2828 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

23:36:35.0224 2828 Wdf01000 - ok

23:36:35.0255 2828 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

23:36:35.0333 2828 WdiServiceHost - ok

23:36:35.0349 2828 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

23:36:35.0365 2828 WdiSystemHost - ok

23:36:35.0411 2828 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

23:36:35.0443 2828 WebClient - ok

23:36:35.0489 2828 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

23:36:35.0552 2828 Wecsvc - ok

23:36:35.0567 2828 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

23:36:35.0630 2828 wercplsupport - ok

23:36:35.0677 2828 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

23:36:35.0723 2828 WerSvc - ok

23:36:35.0786 2828 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

23:36:35.0833 2828 WfpLwf - ok

23:36:35.0848 2828 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

23:36:35.0864 2828 WIMMount - ok

23:36:35.0895 2828 WinDefend - ok

23:36:35.0911 2828 WinHttpAutoProxySvc - ok

23:36:35.0973 2828 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

23:36:36.0035 2828 Winmgmt - ok

23:36:36.0113 2828 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

23:36:36.0191 2828 WinRM - ok

23:36:36.0316 2828 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

23:36:36.0347 2828 WinUsb - ok

23:36:36.0394 2828 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

23:36:36.0441 2828 Wlansvc - ok

23:36:36.0613 2828 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:36:36.0659 2828 wlidsvc - ok

23:36:36.0769 2828 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

23:36:36.0800 2828 WmiAcpi - ok

23:36:36.0862 2828 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

23:36:36.0909 2828 wmiApSrv - ok

23:36:36.0956 2828 WMPNetworkSvc - ok

23:36:36.0987 2828 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

23:36:37.0003 2828 WPCSvc - ok

23:36:37.0034 2828 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

23:36:37.0081 2828 WPDBusEnum - ok

23:36:37.0096 2828 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

23:36:37.0174 2828 ws2ifsl - ok

23:36:37.0205 2828 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

23:36:37.0252 2828 wscsvc - ok

23:36:37.0252 2828 WSearch - ok

23:36:37.0330 2828 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

23:36:37.0346 2828 WSWNA3100 - ok

23:36:37.0486 2828 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

23:36:37.0533 2828 wuauserv - ok

23:36:37.0627 2828 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

23:36:37.0705 2828 WudfPf - ok

23:36:37.0751 2828 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

23:36:37.0783 2828 WUDFRd - ok

23:36:37.0814 2828 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

23:36:37.0861 2828 wudfsvc - ok

23:36:37.0892 2828 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

23:36:37.0954 2828 WwanSvc - ok

23:36:37.0985 2828 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

23:36:38.0251 2828 \Device\Harddisk0\DR0 - ok

23:36:38.0282 2828 Boot (0x1200) (d5504a391aa340d3a569ffc5d61d1100) \Device\Harddisk0\DR0\Partition0

23:36:38.0297 2828 \Device\Harddisk0\DR0\Partition0 - ok

23:36:38.0297 2828 ============================================================

23:36:38.0297 2828 Scan finished

23:36:38.0297 2828 ============================================================

23:36:38.0313 4240 Detected object count: 1

23:36:38.0313 4240 Actual detected object count: 1

23:37:56.0719 4240 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

23:37:56.0719 4240 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:38:08.0060 0480 Deinitialize success


OK, that scan was clean....please do this.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I had Windows decide to do some updates after running ComboFix, hope that doesn't cause issues.

ComboFix 12-06-23.05 - Matt 24/06/2012 9:41.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1913.829 [GMT 10:00]

Running from: c:\users\Matt\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\00000004.@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\1afb2d56

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\55490ac4

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\80000032.@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\n

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\00000004.@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\00000008.@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\000000cb.@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\80000000.@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\80000032.@

c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\80000064.@

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))

.

.

2012-06-23 23:50 . 2012-06-23 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 10:39 . 2012-06-17 17:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C968F6-E2A7-4FE2-ACDE-6AC089310418}\mpengine.dll

2012-06-23 10:36 . 2012-05-15 04:01 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-06-23 10:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 10:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 10:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 10:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 10:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 10:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 10:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 10:34 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 10:34 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 05:02 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-23 05:02 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-23 05:02 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-23 05:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-23 05:01 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-23 05:01 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-23 04:59 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-23 04:59 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-23 04:59 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-23 04:59 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-23 04:59 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-23 04:59 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-23 04:59 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-23 04:59 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-15 09:53 . 2012-06-23 03:52 -------- d-----w- c:\windows\system32\Macromed

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 05:56 . 2011-09-27 08:10 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 06:05 . 2012-05-10 07:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-10 07:19 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-10 07:19 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-30 11:35 . 2012-05-10 07:19 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2010-02-18 3272040]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-14 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-20 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-28 1811456]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [2010-02-02 103792]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [2009-08-24 126392]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1331570480-336128708-1802499603-1000Core.job

- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-16 14:32]

.

2012-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1331570480-336128708-1802499603-1000UA.job

- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-16 14:32]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-07 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-07 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-07 410648]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://toshiba.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.138

FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\vwa2a0jb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.inthemix.com.au/forum/forumdisplay.php?forumid=4

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-combofix - c:\combofix\CF1018.3XE

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

.

**************************************************************************

.

Completion time: 2012-06-24 10:12:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-24 00:12

.

Pre-Run: 414,483,623,936 bytes free

Post-Run: 414,154,534,912 bytes free

.

- - End Of File - - 660BDC02110F0C1570F32CE221619BF4


Updates and quick scan run, log below. Computer is back to normal now, no issues this morning. Thanks a bunch for your help, it's very much appreciated.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Matt :: C660 [administrator]

Protection: Enabled

24/06/2012 10:05:57 PM

mbam-log-2012-06-24 (22-05-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215853

Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great :)

A little clean up to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.