Malwarebytes affects Windows licensing authentication



Hello to the Malwarebytes team,

I have proceeded as requested and I have posted a new topic here.

I have also copied my previous correspondence, which details what I did previously.

I also installed the latest version of Malwarebytes. I tried to perform a complete scan and the software completely freezes my computer when scanning the following file.

C:\Program Files\Common Files\Microsoft Shared\MODI\12.0\MSPFILT.DLL

I do not know if this file has a problem but the application forced a hard reset which is not too good in any case.

I then performed a quick scan. Here is the log.

Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.05.05

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18943

Luc Duranleau :: LEONIDAS [administrator]

Protection: Disabled

2013-01-05 13:20:22

mbam-log-2013-01-05 (13-20-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228485

Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS

As requested, I performed a DDS scan.

Here are the 2 log files.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 10.10.2

Run by Luc Duranleau at 13:33:04 on 2013-01-05

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.978 [GMT -5:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\dllhost.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

C:\Windows\System32\msdtc.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Windows\System32\vds.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\iashost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\TOSHIBA\reminder\reminder.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k wcssvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.iciwave.com/

uProxyServer = fpro.rtss.qc.ca:8080

uProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [toscdspd] TOSCDSPD.EXE

uRun: [reminder] c:\program files\toshiba\reminder\reminder.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:153

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.universitas.ca/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{40B794FC-DF11-4363-AA35-A887F298643D} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-30 47640]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\converter\NitroPDFDriverService.exe [2009-12-16 188736]

R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-10 21504]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-5 40776]

S2 E2ECAM;ICI Wave Desktop;c:\windows\system32\drivers\wavedt.sys [2009-7-2 89984]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Inspection du réseau Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]

.

=============== File Associations ===============

.

FileExt: .ini: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-01-05 17:30:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-05 16:42:15 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-05 16:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-05 14:21:08 -------- d-----w- c:\programdata\RegSERVO

2013-01-05 14:21:00 -------- d-----w- c:\program files\REGSERVO

2013-01-05 12:13:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{4D322DC6-38D4-4404-AE5E-AA8CEA28CB51}

2013-01-05 03:56:46 -------- d-----w- c:\program files\ESET

2013-01-05 00:11:29 -------- d-----w- c:\users\luc duranleau\appdata\local\{695DC359-97FD-45DE-AFC4-4D5D75BC709C}

2013-01-04 22:28:25 -------- d-----w- c:\windows\pss

2013-01-04 20:32:08 -------- d-----w- c:\users\luc duranleau\appdata\local\LogMeIn Rescue Applet

2013-01-04 19:05:52 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PC Cleaners

2013-01-04 19:05:49 4729224 ----a-w- c:\windows\uninst.exe

2013-01-04 19:05:45 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PCPro

2013-01-04 19:05:45 -------- d-----w- c:\programdata\PC1Data

2013-01-04 16:37:13 -------- d-----w- c:\users\luc duranleau\appdata\local\Macromedia

2013-01-04 16:36:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-04 16:25:37 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-04 08:10:19 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-04 04:07:13 -------- d-----w- c:\users\luc duranleau\appdata\local\temp

2013-01-03 22:58:40 -------- d-----w- C:\TDSSKiller_Quarantine

2013-01-03 21:13:36 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2013-01-03 21:13:36 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2013-01-03 07:56:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{32FA5ED4-70BA-40EC-A81D-066B19C3E061}

2013-01-02 19:54:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{ACCEE121-81E8-4930-B594-8887DACF7984}

2013-01-02 07:52:37 -------- d-----w- c:\users\luc duranleau\appdata\local\{2B906212-FDAB-46A0-AF23-FEFF18D8749D}

2013-01-01 19:50:39 -------- d-----w- c:\users\luc duranleau\appdata\local\{73915535-1E03-46ED-9314-1A25CB2AEA27}

2012-12-29 11:13:18 -------- d-----w- c:\users\luc duranleau\appdata\local\{76D123F2-DB31-41A8-B9DD-B06A1292FE8C}

2012-12-28 23:11:19 -------- d-----w- c:\users\luc duranleau\appdata\local\{EC9AA581-08D1-4673-97A4-7A484B03A6F0}

2012-12-28 11:09:21 -------- d-----w- c:\users\luc duranleau\appdata\local\{936AE10A-319C-492B-B7AF-5F3FD1041E83}

2012-12-27 23:07:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{31FBB0FB-37DF-4C60-88E8-2B0F393E1B2E}

2012-12-27 11:05:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{F105DEFC-4BC5-464A-909B-7CCA243C0A27}

2012-12-26 23:03:26 -------- d-----w- c:\users\luc duranleau\appdata\local\{C684496C-3ECB-45C5-9400-074B8E51EDC3}

2012-12-26 11:01:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{0E861D7D-E0B3-44EF-A2DE-E7340C16DAF6}

2012-12-25 22:59:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{0D38D434-01E3-4481-A0DE-0C11BD61FA49}

2012-12-25 10:57:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{141969F6-0CAD-4229-AAC6-E799F5197547}

2012-12-25 07:53:31 -------- d-----w- c:\users\luc duranleau\dwhelper

2012-12-24 22:55:33 -------- d-----w- c:\users\luc duranleau\appdata\local\{10FFFB29-75FD-4832-8B2F-A75F89E8BBCB}

2012-12-24 10:53:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{646B7131-BFAA-47B0-B558-C869B155BFE2}

2012-12-23 22:51:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{D07EE08D-6575-4D32-A8F3-FED14ED4BBF2}

2012-12-23 10:49:27 -------- d-----w- c:\users\luc duranleau\appdata\local\{10499DB8-EFCF-4A60-B843-B23F6238D1A1}

2012-12-22 22:47:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{5F1A493E-25DE-446A-94B9-AA1FAAA598B6}

2012-12-22 10:45:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{EB32B67B-FAB4-4B0F-A3E4-0F275CCD27A8}

2012-12-21 22:43:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{1DAD070F-820F-40CF-B01C-1DFB3FB8C2E7}

2012-12-21 10:41:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{553BB569-103B-42DC-B1F6-7F1B43317159}

2012-12-20 22:39:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{3B54FB98-1B55-4D86-898B-FCBC3645748E}

2012-12-20 10:37:38 -------- d-----w- c:\users\luc duranleau\appdata\local\{F1549B44-FA56-43EA-90F7-36239662375A}

2012-12-19 22:35:40 -------- d-----w- c:\users\luc duranleau\appdata\local\{62953F73-8502-4198-A67E-0E8E2BCD34B3}

2012-12-19 10:33:42 -------- d-----w- c:\users\luc duranleau\appdata\local\{6B49B4A3-DEBE-4CF5-B234-2C564BD1B322}

2012-12-18 22:31:44 -------- d-----w- c:\users\luc duranleau\appdata\local\{A74AFE14-6DBE-4DF0-8520-B3CE724AA98C}

2012-12-18 10:29:45 -------- d-----w- c:\users\luc duranleau\appdata\local\{CE466F09-2CB8-481B-A3E0-F983A4C5F130}

2012-12-17 22:27:47 -------- d-----w- c:\users\luc duranleau\appdata\local\{266C33E9-9743-4047-8E38-CB204CBABEE5}

2012-12-17 10:25:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{9C69ECC8-4556-4B93-B015-73FFE858D219}

2012-12-16 22:23:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{D1B1D32E-56B8-49EF-B8E2-A00E2330D350}

2012-12-14 11:40:09 -------- d-----w- c:\users\luc duranleau\appdata\local\{2D9E7AF6-734C-491E-AA61-6494852B826A}

2012-12-13 23:38:11 -------- d-----w- c:\users\luc duranleau\appdata\local\{AC7A7BE0-A1EA-4B99-A715-A4E1088EAC9B}

2012-12-13 11:36:12 -------- d-----w- c:\users\luc duranleau\appdata\local\{092FEA48-7B5A-4B4F-8392-F5A3F33F026E}

2012-12-12 23:34:13 -------- d-----w- c:\users\luc duranleau\appdata\local\{68A39303-2272-48B7-BD49-73FD94D6A464}

2012-12-12 09:38:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{20D30901-60E4-43A3-882B-440555C76865}

2012-12-11 21:36:51 -------- d-----w- c:\users\luc duranleau\appdata\local\{8EC65803-55FD-4401-8FAD-77E2770DBF97}

2012-12-11 09:34:54 -------- d-----w- c:\users\luc duranleau\appdata\local\{722802F1-6830-40EA-AB08-C5B2ECB7F63D}

2012-12-10 21:32:55 -------- d-----w- c:\users\luc duranleau\appdata\local\{FA7D0A31-9295-436A-BCBF-112DFCB33175}

2012-12-10 09:30:57 -------- d-----w- c:\users\luc duranleau\appdata\local\{E75802C7-D850-4604-AADE-8A3D6D8F5F07}

2012-12-09 21:28:58 -------- d-----w- c:\users\luc duranleau\appdata\local\{6A55EE3B-B9D5-4439-BE34-231AB84DA53E}

2012-12-09 09:27:00 -------- d-----w- c:\users\luc duranleau\appdata\local\{39A06CBD-5045-4FA7-A8CC-856797DEFD6D}

2012-12-08 21:25:02 -------- d-----w- c:\users\luc duranleau\appdata\local\{3EE74A49-6E03-4CB4-8011-3AD8A756BACE}

2012-12-08 09:23:04 -------- d-----w- c:\users\luc duranleau\appdata\local\{25B68417-46E3-4FB5-AE49-7C4F03B8E552}

2012-12-07 21:21:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{FE4524C0-74E1-4805-8DAA-8BD8A68ABC4D}

2012-12-07 09:19:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{DE7BA250-8693-43E4-845A-5186259CFBC2}

2012-12-06 21:17:07 -------- d-----w- c:\users\luc duranleau\appdata\local\{F0CBD7CB-D33F-4519-9CA8-BC0B04468960}

.

==================== Find3M ====================

.

2013-01-04 16:36:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-03 23:00:55 279552 ----a-w- c:\windows\system32\services.exe

.

============= FINISH: 13:34:14,30 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Édition Familiale Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2007-12-02 06:53:14

System Uptime: 2013-01-05 13:15:00 (0 hours ago)

.

Motherboard: TOSHIBA | | ISRAA

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 31,699 GiB free.

D: is FIXED (NTFS) - 5 GiB total, 4,369 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color Common Settings

Adobe Color EU Recommended Settings

Adobe Color JA Extra Settings

Adobe Color NA Extra Settings

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash CS3

Adobe Flash CS3 Professional

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Video Encoder

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS

Adobe Reader X (10.1.4) - Français

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Alamoon Watermark v1.4

Apple Software Update

ATI Catalyst Install Manager

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.4

Bluetooth Stack for Windows by Toshiba

Canon Auto Update Service

Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels

Canon G.726 WMP-Decoder

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon PowerShot SX40 HS Guide d'utilisation de l'appareil photo

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow Launcher

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Codeur Windows Media Série 9

Compatibility Pack for the 2007 Office system

D3DX10

Diablo II

DVD MovieFactory for TOSHIBA

ESET Online Scanner v3

Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)

GoToMeeting 4.8.0.723

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImgBurn

Intel Matrix Storage Manager

Java 7 Update 10

Java Auto Updater

Juniper Networks Network Connect 6.5.0

Juniper Networks Setup Client

Logiciel Intel® PROSet/Wireless

Malwarebytes Anti-Malware version 1.70.0.1100

Maxtor Backup

Maxtor OneTouch III

mCore

mHelp

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (French) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Groove MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office OneNote MUI (French) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Edition 2003

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 2 (SP2)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word Viewer 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server Native Client

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft XML Parser

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

mMHouse

Mozilla Firefox 17.0.1 (x86 fr)

Mozilla Maintenance Service

mPfMgr

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nitro PDF Professional

PDF Settings

PrimoPDF -- brought to you by Nitro PDF Software

Programme de gestion Camera de Logitech®

QuickTime

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

RecoveryFix For Windows ver 7.06.01

REGSERVO

reminder

Réducteur de bruit lect. CD/DVD

Screen-Cut

Security Update for 2007 Microsoft Office System (KB2277947)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB980376)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio 2007 (KB982127)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2251419)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Segoe UI

Skins

SUPERAntiSpyware

Sybase PowerAMC 11.0

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HD DVD PLAYER

TOSHIBA Mot de passe responsable

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

UltraEdit-32 Uninstall

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 Help (KB957246)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Visio 2007 Help (KB963666)

Update for Outlook 2007 Junk Email Filter (kb2279264)

Utility Common Driver

VLC media player 2.0.2

wavedesktop_1_5

Windows Live

Windows Live Communications Platform

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== End Of File ===========================

===============================================

Previous correspondence

Part 1

Hello to the Malwarebytes team,

I have come across a serious problem after running the Malwarebytes application.

It detected the following trojans in separate sequences.

1) Exploit.Drop.GS and Trojan.Ransom.SuGen

I simply executed the cleaning Malwarebytes suggested. It then rebooted.

Here is the log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 913010306

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18943

2013-01-03 16:11:28

mbam-log-2013-01-03 (16-11-28).txt

Scan type: Quick scan

Objects scanned: 240398

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Luc Duranleau\AppData\Local\Temp\wlsidten.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.

C:\Users\Luc Duranleau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

2) Running Malwarebytes again, it found RootKit.0Access

Again, I simply executed the cleaning Malwarebytes suggested. It then rebooted.

Here is the log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 913010306

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

2013-01-03 16:32:15

mbam-log-2013-01-03 (16-32-15).txt

Scan type: Quick scan

Objects scanned: 242891

Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Delete on reboot.

Problem

At this time, the Windows licensing process has been corrupted and the OS continuously asks me to authenticate my OS with my product key.

All attempts to activate fail. Even Microsoft support failed to reactivate my OS.

Is there something Malwarebytes did that can be recovered so that my licensing process functions properly?

Thanks for your support,

Luc

Part 2

Hello,

Thanks for your reply.

I have since cleaned the computer and no longer have the trojans. Used TDSSKiller, RogueKiller, ESET and Malwarebytes. Computer is clean.

I have looked at the application event logs and warnings and errors for winlogon occur at around the same time Malwarebytes was executed and the logs were generated. My guess is that Malwarebytes cleaned an infection but in so doing provoked or indirectly provoked a modification as indicated in this event error.


<Event xmlns="http://schemas.micro...08/events/event">

<System>

<Provider Name="Microsoft-Windows-Security-Licensing-SLC" Guid="{1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}" EventSourceName="Software Licensing Service" />

<EventID Qualifiers="16384">12291</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2013-01-03T21:12:43.000Z" />

<EventRecordID>33597</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>Application</Channel>

<Computer>LEONIDAS</Computer>

<Security />

</System>

<EventData>

<Data>hr=0xC004D301</Data>

</EventData>

</Event>

Hope this helps.

Luc
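The correlation described in the post (event log errors around the time Malwarebytes ran) can be checked mechanically. The following Python is an added example, not code from the thread: it parses the Software Licensing event quoted above and measures how far it lies from the two MBAM log timestamps posted earlier. It assumes the event's XML namespace (truncated in the post) is the standard Windows event schema namespace, that the machine's offset is [GMT -5:00] as the DDS header shows, and that a 15-minute window is a reasonable "around the same time".

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

# Standard namespace of Windows Event Log XML exports (assumed; the post truncates it).
EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"

# The event quoted in the post, namespace restored, otherwise verbatim.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Licensing-SLC" Guid="{1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}" EventSourceName="Software Licensing Service" />
<EventID Qualifiers="16384">12291</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-03T21:12:43.000Z" />
<EventRecordID>33597</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>LEONIDAS</Computer>
<Security />
</System>
<EventData>
<Data>hr=0xC004D301</Data>
</EventData>
</Event>"""

# Local offset of the machine, from the DDS header: [GMT -5:00].
LOCAL_TZ = timezone(timedelta(hours=-5))

# Timestamps from the two MBAM log headers in the post (local time, no offset given).
MBAM_LOGS = {
    "mbam-log-2013-01-03 (16-11-28).txt": "2013-01-03 16:11:28",
    "mbam-log-2013-01-03 (16-32-15).txt": "2013-01-03 16:32:15",
}


def parse_event(xml_text):
    """Pull the fields a responder needs out of one exported event."""
    ns = {"e": EVENT_NS}
    root = ET.fromstring(xml_text)
    system = root.find("e:System", ns)
    provider = system.find("e:Provider", ns)
    created = system.find("e:TimeCreated", ns).get("SystemTime")
    # SystemTime is always UTC; make that explicit so comparisons with local logs are safe.
    ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    data = [d.text for d in root.find("e:EventData", ns).findall("e:Data", ns)]
    return {
        "provider": provider.get("Name"),
        "source": provider.get("EventSourceName"),
        "event_id": int(system.find("e:EventID", ns).text),
        "level": int(system.find("e:Level", ns).text),  # 2 = Error
        "channel": system.find("e:Channel", ns).text,
        "computer": system.find("e:Computer", ns).text,
        "time_utc": ts,
        "data": data,
    }


def parse_hresult(data_field):
    """Decode an 'hr=0x........' data field into (value, is_failure, facility, code).
    Bit 31 of an HRESULT is the severity bit, bits 16-26 the facility, low 16 bits the code."""
    hr = int(data_field.split("=", 1)[1], 16)
    return hr, bool((hr >> 31) & 1), (hr >> 16) & 0x7FF, hr & 0xFFFF


def local_to_utc(local_str, tz=LOCAL_TZ):
    """MBAM log headers carry local time with no offset; attach the DDS offset and convert."""
    naive = datetime.strptime(local_str, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)


def correlate(event, logs, window=timedelta(minutes=15)):
    """Return [(log name, signed seconds from log timestamp to event)] for every log whose
    timestamp lies within `window` of the event. Positive means the event came after the log."""
    hits = []
    for name, local_str in logs.items():
        delta = event["time_utc"] - local_to_utc(local_str)
        if abs(delta) <= window:
            hits.append((name, int(delta.total_seconds())))
    return sorted(hits, key=lambda h: abs(h[1]))


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT_XML)
    hr, failed, facility, code = parse_hresult(ev["data"][0])
    print(f"{ev['source']} event {ev['event_id']} on {ev['computer']} "
          f"at {ev['time_utc']:%Y-%m-%d %H:%M:%S} UTC")
    print(f"hr=0x{hr:08X} failure={failed} facility={facility} code=0x{code:04X}")
    for name, secs in correlate(ev, MBAM_LOGS):
        print(f"  {secs:+d} s relative to {name}")
```

With the posted data the event lands 75 seconds after the first MBAM log was written and outside the window for the second, which is the ordering the poster describes.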

============================================================================


QUOTE ...First Quote:

I tried to perform a complete scan and

the software completely freezes my computer when scanning the following file.

C:\Program Files\Common Files\Microsoft Shared\MODI\12.0\MSPFILT.DLL

I do not know if this file has a problem but the application forced a hard reset which is not too good in any case.

...Next Quote:

Files Infected:

C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Delete on reboot.

Problem

At this time, the Windows licensing process has been corrupted and the OS continuously asks me to authenticate my OS with my product key.

All attempts to activate fail. Even Microsoft support failed to reactivate my OS.

Is there something Malwarebytes did that can be recovered so that my licensing process functions properly?


As to the first quote above...that file you reference is harmless. It's part of Microsoft Office's Image Filter library for document Imaging. The freeze issue may be totally unrelated.

As to the second quote above...possibly. One way to find out is simply to open MalwareBytes, click the "Quarantine" tab and restore the file that MBAM removed which caused your Microsoft Authentication issue. Please be sure to restore ONLY that one file (referenced in the quote above labeled "Problem") that was removed just prior to this becoming an issue.

One big problem I noticed first is the packed drive. Your operating system needs a bit more breathing room. According to the size of your hard disk, your Windows drive partition needs at the minimum, 33 gigs of free space...keep in mind, this is minimum. More than that is ideal, but you have in fact, 2 gigs less. To remedy this, you would need to uninstall/remove/delete things you KNOW with certainty that you don't need. I would suggest that if you have files/folders/documents that you created, please consider placing them on removable media. Such things as music and video can be huge files that would be good candidates for removal.

Did you install, and do you use LogMeIn and GoToMeeting? They're fine to use if you did, just be certain to use strong passwords...but if you did not, uninstalling them is the best idea.

Backup software can quickly add up so keeping an eye on this is most important. If you create backup copies using such software, look into the prospect of keeping these on removal media.

I can also suggest removing these:

SUPERAntiSpyware

ESET Online Scanner v3

...they are fine to use but for your purposes at this point, they can be removed to help free up needed disk space.

On your next reply, please post a fresh DDS scan log. Tell us what issues remain and please answer if you created this proxy setup:

uProxyServer = fpro.rtss.qc.ca:8080

Thanks!


Hello,

Thanks for responding.

1) Malwarebytes freezing on a Windows file.

It is true that it may be totally unrelated, however the application reacts identically at all times. It does not react randomly.

As everything freezes (even the cursor), I must hard boot. I am therefore reluctant to use the application with this option until the application can recover from whatever it is trying to do at this point.

2) Restore Malwarebytes quarantined file.

At this moment, I am also reluctant to try this. The main reason is that I feel that Malwarebytes did not directly cause the problem. I fear that the virus reacted to being dislodged and on reboot, it acted upon the licensing components or registry. I would prefer trying to figure out what corrupted the licensing components. Undoing the Malwarebytes quarantine may have more dangerous results and I doubt it would recover the authentication components if it was unaware of the virus's capability to act on being deleted. Besides, I ran the 1.4 version of the application and now have the newest version. Not sure the new version can unquarantine files from prior versions.

3) I have freed space. The C drive now has 32 GB. I will further liberate more space later.

4) I've uninstalled GoToMeeting. LogMeIn is a client used by Microsoft support. I will leave it there for now. There are no passwords involved.

5) I have removed ESET and SuperAntiSpyware

6) The proxy setup was done by one of my government clients. Completely legitimate and I believe deactivated.

7) At the moment, the authentication problem remains.

Here is the DDS log:

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 10.10.2

Run by Luc Duranleau at 12:35:22 on 2013-01-06

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.903 [GMT -5:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

C:\Windows\System32\msdtc.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Windows\System32\vds.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\iashost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\TOSHIBA\reminder\reminder.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k wcssvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.iciwave.com/

uProxyServer = fpro.rtss.qc.ca:8080

uProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [toscdspd] TOSCDSPD.EXE

uRun: [reminder] c:\program files\toshiba\reminder\reminder.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:153

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.universitas.ca/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{40B794FC-DF11-4363-AA35-A887F298643D} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-30 47640]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\converter\NitroPDFDriverService.exe [2009-12-16 188736]

R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-10 21504]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104]

RUnknown SASDIFSV;SASDIFSV; [x]

RUnknown SASKUTIL;SASKUTIL; [x]

S2 E2ECAM;ICI Wave Desktop;c:\windows\system32\drivers\wavedt.sys [2009-7-2 89984]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Inspection du réseau Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]

.

=============== File Associations ===============

.

FileExt: .ini: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-01-05 19:50:27 -------- d-sh--w- C:\found.000

2013-01-05 19:21:04 -------- d-----w- C:\MGADiagToolOutput

2013-01-05 16:42:15 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-05 16:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-05 14:21:08 -------- d-----w- c:\programdata\RegSERVO

2013-01-05 12:13:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{4D322DC6-38D4-4404-AE5E-AA8CEA28CB51}

2013-01-05 03:56:46 -------- d-----w- c:\program files\ESET

2013-01-05 00:11:29 -------- d-----w- c:\users\luc duranleau\appdata\local\{695DC359-97FD-45DE-AFC4-4D5D75BC709C}

2013-01-04 22:28:25 -------- d-----w- c:\windows\pss

2013-01-04 20:32:08 -------- d-----w- c:\users\luc duranleau\appdata\local\LogMeIn Rescue Applet

2013-01-04 19:05:52 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PC Cleaners

2013-01-04 19:05:49 4729224 ----a-w- c:\windows\uninst.exe

2013-01-04 19:05:45 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PCPro

2013-01-04 19:05:45 -------- d-----w- c:\programdata\PC1Data

2013-01-04 16:37:13 -------- d-----w- c:\users\luc duranleau\appdata\local\Macromedia

2013-01-04 16:36:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-04 16:25:37 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-04 08:10:19 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-04 04:07:13 -------- d-----w- c:\users\luc duranleau\appdata\local\temp

2013-01-03 22:58:40 -------- d-----w- C:\TDSSKiller_Quarantine

2013-01-03 21:13:36 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2013-01-03 21:13:36 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2013-01-03 07:56:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{32FA5ED4-70BA-40EC-A81D-066B19C3E061}

2013-01-02 19:54:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{ACCEE121-81E8-4930-B594-8887DACF7984}

2013-01-02 07:52:37 -------- d-----w- c:\users\luc duranleau\appdata\local\{2B906212-FDAB-46A0-AF23-FEFF18D8749D}

2013-01-01 19:50:39 -------- d-----w- c:\users\luc duranleau\appdata\local\{73915535-1E03-46ED-9314-1A25CB2AEA27}

2012-12-29 11:13:18 -------- d-----w- c:\users\luc duranleau\appdata\local\{76D123F2-DB31-41A8-B9DD-B06A1292FE8C}

2012-12-28 23:11:19 -------- d-----w- c:\users\luc duranleau\appdata\local\{EC9AA581-08D1-4673-97A4-7A484B03A6F0}

2012-12-28 11:09:21 -------- d-----w- c:\users\luc duranleau\appdata\local\{936AE10A-319C-492B-B7AF-5F3FD1041E83}

2012-12-27 23:07:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{31FBB0FB-37DF-4C60-88E8-2B0F393E1B2E}

2012-12-27 11:05:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{F105DEFC-4BC5-464A-909B-7CCA243C0A27}

2012-12-26 23:03:26 -------- d-----w- c:\users\luc duranleau\appdata\local\{C684496C-3ECB-45C5-9400-074B8E51EDC3}

2012-12-26 11:01:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{0E861D7D-E0B3-44EF-A2DE-E7340C16DAF6}

2012-12-25 22:59:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{0D38D434-01E3-4481-A0DE-0C11BD61FA49}

2012-12-25 10:57:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{141969F6-0CAD-4229-AAC6-E799F5197547}

2012-12-25 07:53:31 -------- d-----w- c:\users\luc duranleau\dwhelper

2012-12-24 22:55:33 -------- d-----w- c:\users\luc duranleau\appdata\local\{10FFFB29-75FD-4832-8B2F-A75F89E8BBCB}

2012-12-24 10:53:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{646B7131-BFAA-47B0-B558-C869B155BFE2}

2012-12-23 22:51:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{D07EE08D-6575-4D32-A8F3-FED14ED4BBF2}

2012-12-23 10:49:27 -------- d-----w- c:\users\luc duranleau\appdata\local\{10499DB8-EFCF-4A60-B843-B23F6238D1A1}

2012-12-22 22:47:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{5F1A493E-25DE-446A-94B9-AA1FAAA598B6}

2012-12-22 10:45:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{EB32B67B-FAB4-4B0F-A3E4-0F275CCD27A8}

2012-12-21 22:43:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{1DAD070F-820F-40CF-B01C-1DFB3FB8C2E7}

2012-12-21 10:41:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{553BB569-103B-42DC-B1F6-7F1B43317159}

2012-12-20 22:39:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{3B54FB98-1B55-4D86-898B-FCBC3645748E}

2012-12-20 10:37:38 -------- d-----w- c:\users\luc duranleau\appdata\local\{F1549B44-FA56-43EA-90F7-36239662375A}

2012-12-19 22:35:40 -------- d-----w- c:\users\luc duranleau\appdata\local\{62953F73-8502-4198-A67E-0E8E2BCD34B3}

2012-12-19 10:33:42 -------- d-----w- c:\users\luc duranleau\appdata\local\{6B49B4A3-DEBE-4CF5-B234-2C564BD1B322}

2012-12-18 22:31:44 -------- d-----w- c:\users\luc duranleau\appdata\local\{A74AFE14-6DBE-4DF0-8520-B3CE724AA98C}

2012-12-18 10:29:45 -------- d-----w- c:\users\luc duranleau\appdata\local\{CE466F09-2CB8-481B-A3E0-F983A4C5F130}

2012-12-17 22:27:47 -------- d-----w- c:\users\luc duranleau\appdata\local\{266C33E9-9743-4047-8E38-CB204CBABEE5}

2012-12-17 10:25:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{9C69ECC8-4556-4B93-B015-73FFE858D219}

2012-12-16 22:23:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{D1B1D32E-56B8-49EF-B8E2-A00E2330D350}

2012-12-14 11:40:09 -------- d-----w- c:\users\luc duranleau\appdata\local\{2D9E7AF6-734C-491E-AA61-6494852B826A}

2012-12-13 23:38:11 -------- d-----w- c:\users\luc duranleau\appdata\local\{AC7A7BE0-A1EA-4B99-A715-A4E1088EAC9B}

2012-12-13 11:36:12 -------- d-----w- c:\users\luc duranleau\appdata\local\{092FEA48-7B5A-4B4F-8392-F5A3F33F026E}

2012-12-12 23:34:13 -------- d-----w- c:\users\luc duranleau\appdata\local\{68A39303-2272-48B7-BD49-73FD94D6A464}

2012-12-12 09:38:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{20D30901-60E4-43A3-882B-440555C76865}

2012-12-11 21:36:51 -------- d-----w- c:\users\luc duranleau\appdata\local\{8EC65803-55FD-4401-8FAD-77E2770DBF97}

2012-12-11 09:34:54 -------- d-----w- c:\users\luc duranleau\appdata\local\{722802F1-6830-40EA-AB08-C5B2ECB7F63D}

2012-12-10 21:32:55 -------- d-----w- c:\users\luc duranleau\appdata\local\{FA7D0A31-9295-436A-BCBF-112DFCB33175}

2012-12-10 09:30:57 -------- d-----w- c:\users\luc duranleau\appdata\local\{E75802C7-D850-4604-AADE-8A3D6D8F5F07}

2012-12-09 21:28:58 -------- d-----w- c:\users\luc duranleau\appdata\local\{6A55EE3B-B9D5-4439-BE34-231AB84DA53E}

2012-12-09 09:27:00 -------- d-----w- c:\users\luc duranleau\appdata\local\{39A06CBD-5045-4FA7-A8CC-856797DEFD6D}

2012-12-08 21:25:02 -------- d-----w- c:\users\luc duranleau\appdata\local\{3EE74A49-6E03-4CB4-8011-3AD8A756BACE}

2012-12-08 09:23:04 -------- d-----w- c:\users\luc duranleau\appdata\local\{25B68417-46E3-4FB5-AE49-7C4F03B8E552}

2012-12-07 21:21:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{FE4524C0-74E1-4805-8DAA-8BD8A68ABC4D}

.

==================== Find3M ====================

.

2013-01-04 16:36:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-03 23:00:55 279552 ----a-w- c:\windows\system32\services.exe

.

============= FINISH: 12:36:34,16 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Édition Familiale Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2007-12-02 06:53:14

System Uptime: 2013-01-05 21:17:02 (15 hours ago)

.

Motherboard: TOSHIBA | | ISRAA

Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 32,512 GiB free.

D: is FIXED (NTFS) - 5 GiB total, 4,369 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1843: 2012-12-02 04:17:56 - Point de contrôle planifié

RP1844: 2012-12-03 00:00:10 - Point de contrôle planifié

RP1845: 2012-12-04 00:00:10 - Point de contrôle planifié

RP1846: 2012-12-05 15:58:52 - Point de contrôle planifié

RP1847: 2012-12-07 01:27:18 - Point de contrôle planifié

RP1848: 2012-12-08 03:35:14 - Point de contrôle planifié

RP1849: 2012-12-09 00:00:12 - Point de contrôle planifié

RP1850: 2012-12-16 19:32:36 - Point de contrôle planifié

RP1851: 2012-12-17 09:12:18 - Point de contrôle planifié

RP1852: 2012-12-18 00:27:04 - Point de contrôle planifié

RP1853: 2012-12-19 03:20:05 - Point de contrôle planifié

RP1854: 2012-12-20 01:06:01 - Point de contrôle planifié

RP1855: 2012-12-21 02:21:22 - Point de contrôle planifié

RP1856: 2012-12-22 09:45:15 - Point de contrôle planifié

RP1857: 2012-12-23 00:00:11 - Point de contrôle planifié

RP1858: 2012-12-28 21:44:34 - Point de contrôle planifié

RP1859: 2012-12-30 00:00:22 - Point de contrôle planifié

RP1860: 2013-01-03 06:17:53 - Point de contrôle planifié

RP1861: 2013-01-03 18:45:34 - Point de contrôle planifié

RP1863: 2013-01-04 00:40:23 - Removed Java 6 Update 29

RP1864: 2013-01-04 00:43:05 - Removed Ask Toolbar.

RP1866: 2013-01-04 01:46:45 - Malwarebytes Anti-Rootkit Restore Point

RP1868: 2013-01-04 10:41:01 - Panda ZAcccess init

RP1870: 2013-01-04 10:53:00 - Panda ZAcccess Cleanup

RP1871: 2013-01-04 11:23:41 - Installed Java 7 Update 10

RP1872: 2013-01-04 11:43:10 - Installed Adobe Reader X (10.1.0) - Français.

RP1873: 2013-01-04 11:48:16 - Removed Ask Toolbar.

RP1874: 2013-01-04 16:13:08 - Opération de restauration

RP1875: 2013-01-06 01:37:13 - Point de contrôle planifié

.

==== Installed Programs ======================

.

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color Common Settings

Adobe Color EU Recommended Settings

Adobe Color JA Extra Settings

Adobe Color NA Extra Settings

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash CS3

Adobe Flash CS3 Professional

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Video Encoder

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS

Adobe Reader X (10.1.4) - Français

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Alamoon Watermark v1.4

Apple Software Update

ATI Catalyst Install Manager

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.4

Bluetooth Stack for Windows by Toshiba

Canon Auto Update Service

Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels

Canon G.726 WMP-Decoder

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon PowerShot SX40 HS Guide d'utilisation de l'appareil photo

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow Launcher

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Codeur Windows Media Série 9

Compatibility Pack for the 2007 Office system

D3DX10

DVD MovieFactory for TOSHIBA

Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImgBurn

Intel Matrix Storage Manager

Java 7 Update 10

Java Auto Updater

Juniper Networks Network Connect 6.5.0

Juniper Networks Setup Client

Logiciel Intel® PROSet/Wireless

Malwarebytes Anti-Malware version 1.70.0.1100

Maxtor Backup

Maxtor OneTouch III

mCore

mHelp

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (French) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Groove MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office OneNote MUI (French) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Edition 2003

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 2 (SP2)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word Viewer 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server Native Client

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft XML Parser

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

mMHouse

Mozilla Firefox 17.0.1 (x86 fr)

Mozilla Maintenance Service

mPfMgr

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nitro PDF Professional

PDF Settings

PrimoPDF -- brought to you by Nitro PDF Software

Programme de gestion Camera de Logitech®

QuickTime

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

RecoveryFix For Windows ver 7.06.01

reminder

Réducteur de bruit lect. CD/DVD

Screen-Cut

Security Update for 2007 Microsoft Office System (KB2277947)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB980376)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio 2007 (KB982127)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2251419)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Segoe UI

Skins

Sybase PowerAMC 11.0

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HD DVD PLAYER

TOSHIBA Mot de passe responsable

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

UltraEdit-32 Uninstall

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 Help (KB957246)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Visio 2007 Help (KB963666)

Update for Outlook 2007 Junk Email Filter (kb2279264)

Utility Common Driver

VLC media player 2.0.2

wavedesktop_1_5

Windows Live

Windows Live Communications Platform

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== End Of File ===========================


Hello,

I have some new information. From the MGAD tool I get this report.

================================================

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Invalid License

Validation Code: 50

Cached Online Validation Code: 0xc004c4a8

Windows Product Key: *****-*****-VP74J-HXBP4-M3C3R

Windows Product Key Hash: YwJKIRZgJO33T76zrufXyl8F+bM=

Windows Product ID: 89578-OEM-7248824-22457

Windows Product ID Type: 8

Windows License Type: COA SLP

Windows OS version: 6.0.6002.2.00010300.2.0.003

ID: {990E546B-80F5-4F96-9974-9A5E99DD30AD}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: Registered, 1.9.42.0

Signed By: Microsoft

Product Name: Windows Vista Home Premium

Architecture: 0x00000000

Build lab: 6002.vistasp2_gdr.100608-0458

TTS Error: T:20130103161247921-

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: 6.0.6002.16398

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 114 Blocked VLK 2

Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2

Microsoft Office Enterprise 2007 - 100 Genuine

Microsoft Office Visio Professional 2007 - 100 Genuine

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{990E546B-80F5-4F96-9974-9A5E99DD30AD}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-M3C3R</PKey><PID>89578-OEM-7248824-22457</PID><PIDType>8</PIDType><SID>S-1-5-21-71766485-4058461557-3020660485</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P200</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V1.80</Version><SMBIOSVersion major="2" minor="4"/><Date>20070927000000.000000+000</Date></BIOS><HWID>24313507018400FA</HWID><UserLCID>0C0C</UserLCID><SystemLCID>040C</SystemLCID><TimeZone>Est(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{9011040C-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73958-640-0000106-57793</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>BAFB54383B18D86</Val><Hash>aWcD5nZ52RuF82J7kJdEZTPyC7w=</Hash><Pid>89388-707-4914746-65431</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0051-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2007</Name><Ver>12</Ver><Val>3AB862DE70D8D86</Val><Hash>UfpXsJvSSVcPufbDdjd0NK73+ug=</Hash><Pid>89405-707-4159871-63630</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App 
Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="53" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->

Version du service de licences logicielles : 6.0.6002.18005

Nom : Windows Vista, HomePremium edition

Description : Windows Operating System - Vista, OEM_COA_SLP channel

ID d’activation : a4eec485-e375-48b4-8f51-80d13a4086b6

ID d’application : 55c92734-d682-4d71-983e-d6ec3f16059f

PID étendu : 89578-00144-488-222457-02-3084-6002.0000-0042013

ID d’installation : 021315970735941420520484003302453532336402878520721695

URL du certificat du processeur : http://go.microsoft.com/fwlink/?LinkID=43473

URL du certificat de l’ordinateur : http://go.microsoft.com/fwlink/?LinkID=43474

URL de licence d’utilisation : http://go.microsoft.com/fwlink/?LinkID=43476

URL du certificat de clé de produit : http://go.microsoft.com/fwlink/?LinkID=43475

Clé de produit partielle : M3C3R

État de la licence : sans licence

Windows Activation Technologies-->

N/A

HWID Data-->

HWID Hash Current: OgAAAAEAAwABAAIAAQACAAAABAABAAEAJJRW8arbcscoS0aDDB3Suc5w8vQa7LhqZHFKcKxWun0qhQ==

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20000

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name OEMID Value OEMTableID Value

APIC INTEL CRESTLNE

FACP TOSCPL CRESTLNE

HPET INTEL CRESTLNE

BOOT PTLTD $SBFTBL$

MCFG INTEL CRESTLNE

TCPA Intel CRESTLNE

TMOR PTLTD

SLIC TOSCPL TOSCPL00

OSFR TOSHIB A+2nd ID

APIC INTEL CRESTLNE

SSDT SataRe SataAhci

SSDT SataRe SataAhci

SSDT SataRe SataAhci

SSDT SataRe SataAhci

=================================================================

The TTS error (Tamper Time Stamp) indicates 2012-01-03 16:12.

The Malwarebytes quarantine process occurred at 2013-01-03 16:11, as indicated in the log below.

=================================================================

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 913010306

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18943

2013-01-03 16:11:28

mbam-log-2013-01-03 (16-11-28).txt

Scan type: Quick scan

Objects scanned: 240398

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Luc Duranleau\AppData\Local\Temp\wlsidten.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.

C:\Users\Luc Duranleau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

====================================================================

It is thus certain that the quarantining of the infected files caused or indirectly caused a Mod-Auth event.

Any help will be appreciated to correct the tampering.

If restoring the quarantined files can guarantee proper recovery then fine. But I do not want to reactivate infection.

Thanks for your help,

Luc

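The TTS-versus-quarantine timeline drawn in this post, as an added example that is not code from the thread or from Malwarebytes: it parses the `TTS Error` stamp and the MBAM 1.46 log header quoted above and reports where the stamp falls relative to the scan window (start plus elapsed time). It assumes the TTS digits are laid out as YYYYMMDDHHMMSSmmm in local time (consistent with the 16:12 reading given in the post); the sample lines are copied from the logs above.

```python
"""Place the MGADiag tamper stamp (TTS) on the MBAM 1.46 scan timeline.

Added example, not code from the thread or from Malwarebytes. It parses the two
timestamp formats quoted in the post and reports where the TTS stamp falls
relative to the scan window. Assumption: the TTS value "T:YYYYMMDDHHMMSSmmm-"
is a local-time stamp with millisecond precision, which agrees with the 16:12
reading given in the post.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: the relevant lines of the MGADiag report quoted above.
MGADIAG_SAMPLE = """Validation Status: Invalid License
Validation Code: 50
TTS Error: T:20130103161247921-
"""

# Constructed sample: header and detections of the MBAM 1.46 log quoted above.
MBAM_SAMPLE = r"""Malwarebytes' Anti-Malware 1.46
Database version: 913010306
Windows 6.0.6002 Service Pack 2 (Safe Mode)
2013-01-03 16:11:28
mbam-log-2013-01-03 (16-11-28).txt
Scan type: Quick scan
Objects scanned: 240398
Time elapsed: 8 minute(s), 3 second(s)
Files Infected: 2
Files Infected:
C:\Users\Luc Duranleau\AppData\Local\Temp\wlsidten.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Luc Duranleau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
"""

TTS_RE = re.compile(r"TTS Error:\s*T:(\d{17})")
SCAN_START_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$", re.M)
ELAPSED_RE = re.compile(r"Time elapsed:\s*(\d+) minute\(s\),\s*(\d+) second\(s\)")
QUARANTINE_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^)]+)\) -> (?P<action>Quarantined[^\n]*)$", re.M)


def parse_tts(report: str) -> datetime:
    """Decode the TTS digits as YYYYMMDDHHMMSSmmm (assumed layout, see above)."""
    m = TTS_RE.search(report)
    if m is None:
        raise ValueError("no 'TTS Error' line in MGADiag report")
    # %f accepts 1-6 digits, so the three millisecond digits parse as microseconds.
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S%f")


def parse_mbam_scan(log: str) -> dict:
    """Return scan start, scan end (start + elapsed) and the quarantined items."""
    start_m = SCAN_START_RE.search(log)
    elapsed_m = ELAPSED_RE.search(log)
    if start_m is None or elapsed_m is None:
        raise ValueError("MBAM log lacks a start timestamp or elapsed time")
    start = datetime.strptime(start_m.group(1), "%Y-%m-%d %H:%M:%S")
    minutes, seconds = (int(x) for x in elapsed_m.groups())
    return {
        "start": start,
        "end": start + timedelta(minutes=minutes, seconds=seconds),
        "quarantined": [m.groupdict() for m in QUARANTINE_RE.finditer(log)],
    }


def correlate(report: str, log: str) -> dict:
    """Place the tamper stamp relative to the scan window.

    The log already records removal results, so it was finalised after the
    scan ended; a stamp inside the window therefore falls before that point
    and deserves to be looked at as an event of its own.
    """
    tts = parse_tts(report)
    scan = parse_mbam_scan(log)
    if tts < scan["start"]:
        position = "before scan start"
    elif tts <= scan["end"]:
        position = "during scan window"
    else:
        position = "after scan end"
    return {
        "tts": tts,
        "scan_start": scan["start"],
        "scan_end": scan["end"],
        "offset_from_start_s": (tts - scan["start"]).total_seconds(),
        "position": position,
        "quarantined": [q["path"] for q in scan["quarantined"]],
    }


if __name__ == "__main__":
    for key, value in correlate(MGADIAG_SAMPLE, MBAM_SAMPLE).items():
        print(f"{key}: {value}")
```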

"LogmeIn is a client used by Microsoft support. I will leave there for now. There are no passwords involved."

LogMeIn is a piece of remote access software which allows anyone to access your computer...anyone that is, that knows YOUR password. You say "there are no passwords involved" but I challenge you to go back over the installation instructions you used. As a matter of course, the LogMeIn Host software (which is what you have installed) is designed to allow any remote user access to a system on which it is installed as long as THEY know how to log into the account that was set up. So...when you set up this account, are you saying that you set NO PASSWORD? If so, I would probably be able to access your system myself. I still suggest that you uninstall this software. If you choose to work with Microsoft again in the future and they want you to "trust" them by allowing them access to your system, then they can always instruct you to install it again at such time.

By the way, if Microsoft told you to install this software while they were working with you, then failed to tell you to uninstall it when they finished, then I would have to say they failed to properly guide you using preferable security measures, which doesn't surprise me a bit.

"6) The proxy setup was done by one of my government clients. Completely legitimate and I believe disactivated."

Please explain this in greater detail. Is that system your own or is this owned by some company for the work you do? Regardless, the proxy server is there and not "disactivated" as you call it.

"7) At the moment, the authentication problem remains."

Is this ever present? By that I mean, do you see a message in the lower right corner of your system which says "This copy of Windows is not valid"? Are you unable to download any of the non-critical Windows Updates?


We need to update much of your software and we also need to make a determination as to which of these are experiencing vulnerabilities. Please download FileHippo's Update Checker. Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desktop. Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings. Please remember to post back your results.

Next, we need to install the Secunia PSI utility. You can find it Here...just click the green download button on the right. When the download completes, please right-click the PSISetup.exe and select "Run as administrator". Follow the prompts to install it and please leave all default settings as they are. When finished, click to allow the utility to perform a scan of the system. When that scan completes, you will be shown a listing of programs which have been found to contain vulnerabilities...along with this, there will be a "solution" with Secunia's recommendations.

Please post back THOSE results as well...Next, please download the Microsoft Safety Scanner. Just beneath the Download Now button, please click the "Select your version" link, then select which version applies in your situation.

Choose "Save File" and save it to your desktop. When the download completes, double-click the executable file and choose to run the program (please "OK" any prompts). Accept the terms and click "Next". Click "Next" again to choose the type of scan. "Quick scan" is selected by default. Please leave this default setting, then click "Next" to begin the scan.

This scanner works with your antivirus program so disabling it is not necessary. Please do nothing else with your computer while this scan is underway.

If the scan reports something found and removed, then it's best to follow up with the "Full scan". In either case, when the scan(s) complete click the Finish button to close the program. Please locate the log Here:

C:\Windows\Debug\msert.log

...The log will open as a text file using Notepad. Please copy its contents and post that here in your next reply. Thanks!


Hello,

Thanks for your reply.

To finish up on the issues you mentioned:

4) LogMeIn - This seems to be an applet that was downloaded. Nothing is installed and there are no services attached. I deleted the executable.

If there is anything else that needs to be done to get rid of it, let me know.

6) Proxy - this proxy was set up by one of my clients (government health agency). I thought it was de-activated. Please let me know how to completely remove it.

7) The system asks to reactivate the product key. The background is black and at the bottom right hand corner is a label indicating Windows Vista 6002 (copy not genuine).

I tried entering the COA product key on the sticker on the back of my computer. To no avail. Tried the telephone activation method through Microsoft support. The 9 sets of 6 digits. To no avail. Tried system restore. System restore fails with error code 0x8000FFFF. Microsoft support tried reloading and rearming licensing components (slsvc and slmgr). To no avail. The Tamper Time Stamp indicates a «T» type tamper and I guess it will not accept anything until that state is resolved.

Updates - I did a Vista update last night. No effect on the licensing problem. I will complete your instructions and get back to you with the results.

Thanks,

Luc


Alright, thanks. By the way, whether you use a program or not, updating it is still necessary and if it is one that Secunia indicated was vulnerable, then that's all the more reason to follow through with their recommendation(s). I hope you did...

I noted earlier that your version of mbam is out of date. Surprised as well that you made no mention of updating from having used either of the update scans I recommended above. Please open MBAM, run a manual update, reboot when it completes, then try running a full system scan again to see if things still freeze. If so, boot into safe mode and try the full scan from there. If it still freezes, just boot back to normal mode and continue below:

Before I get too far off track with you, I wanted to remind you that if Microsoft had already worked with you to resolve this and they were unable, then I want you to know it should have ended there since this type of issue can only be resolved by Microsoft licensing either via telephone, or by remote assistance as you indicated. If they can't resolve it then there's little chance anyone else will either.

I do have to say though, I had a very similar situation myself with Vista some years ago but my issue was unrelated to any malware tampering. Mine was due to my own hacking of the registry. To resolve it, I simply uninstalled the service pack, restored the registry to the condition it was in before I hacked it, then reinstalled the service pack and the issue resolved.

ZeroAccess seems to be what started this for you so we need to attack that vector. Let's move on...

I had noted from evidence in the logs, that you had also tried a variety of other removal tools at some point. Just so there's no mistake, please do nothing other than what is instructed here until we finish...no other scans that is.

I'd like you to try a free utility for me that might help us remedy this situation:

Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.

...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled (Microsoft Security Essentials users can disregard the Windows Defender disable instruction since while MSE is installed, Windows Defender is disabled already by default).

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:

Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall.


Hello,

If you check my first entry, you will find the log output for MBAM 1.7 which is the version I updated to.

The log indicates nothing abnormal.

The log from MBAM 1.4 was the one used at the time of the disinfection that caused or indirectly caused the authentication problem.

Luc


Hi again,

Here is MBAM log. I will continue with ComboFix now.

Luc

=====================================================================

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.07.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18943

Luc Duranleau :: LEONIDAS [administrator]

Protection: Disabled

2013-01-07 17:11:14

mbam-log-2013-01-07 (17-11-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 229201

Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Disable any security program running real time protection. Disabling UAC is not necessary. With Windows Vista, the recovery console is a misnomer. Recovery options are on the install media and in the case where vendors fail to include installation media with their systems, the recovery options are most likely on another (hidden) partition. This is probably your situation. You can check your owner's documents or the manufacturer's web site to confirm this if there are any doubts or questions.

edit added:

By the way, are you still unable to run a full system scan with mbam, in either normal or safe mode? The quick scan is your only option?


Hi,

Here is the ComboFix log. By the way, I needed to reboot as none of my apps could start. An error said that access was denied because a registry entry was to be deleted.

ComboFix 13-01-06.01 - Luc Duranleau 2013-01-07 19:26:44.3.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.1160 [GMT -5:00]

Lancé depuis: c:\users\Luc Duranleau\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-12-08 au 2013-01-08 ))))))))))))))))))))))))))))))))))))

.

.

2013-01-08 00:40 . 2013-01-08 00:41 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\temp

2013-01-08 00:40 . 2013-01-08 00:40 -------- d-----w- c:\users\Invité\AppData\Local\temp

2013-01-08 00:40 . 2013-01-08 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-07 19:49 . 2013-01-07 19:49 -------- d-----w- c:\programdata\Apple Computer

2013-01-07 18:59 . 2013-01-07 18:59 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Secunia PSI

2013-01-07 18:58 . 2013-01-07 18:58 -------- d-----w- c:\program files\Secunia

2013-01-07 18:44 . 2013-01-07 18:44 -------- d-----w- c:\program files\FileHippo.com

2013-01-05 19:50 . 2013-01-05 19:50 -------- d-----w- C:\found.000

2013-01-05 19:21 . 2013-01-06 18:11 -------- d-----w- C:\MGADiagToolOutput

2013-01-05 19:11 . 2013-01-05 19:11 -------- d-----w- c:\programdata\Office Genuine Advantage

2013-01-05 16:42 . 2013-01-05 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-05 16:42 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-05 14:21 . 2013-01-05 14:21 -------- d-----w- c:\programdata\RegSERVO

2013-01-04 20:32 . 2013-01-07 18:21 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\LogMeIn Rescue Applet

2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners

2013-01-04 19:05 . 2013-01-04 19:05 4729224 ----a-w- c:\windows\uninst.exe

2013-01-04 19:05 . 2013-01-04 19:17 -------- d-----w- c:\programdata\PC1Data

2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PCPro

2013-01-04 16:37 . 2013-01-04 16:37 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Macromedia

2013-01-04 16:36 . 2013-01-04 16:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-04 16:25 . 2012-11-28 15:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-03 22:58 . 2013-01-03 22:58 -------- d-----w- C:\TDSSKiller_Quarantine

2013-01-03 21:13 . 2013-01-03 21:13 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe

2013-01-03 21:13 . 2013-01-03 21:13 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe

2012-12-25 07:53 . 2012-12-25 07:53 -------- d-----w- c:\users\Luc Duranleau\dwhelper

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-07 19:47 . 2011-09-11 20:32 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-07 09:58 . 2010-08-25 23:14 56680 ----a-w- c:\windows\system32\rpcnet.dll

2013-01-03 23:00 . 2010-08-29 03:54 279552 ----a-w- c:\windows\system32\services.exe

2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2013-01-03 21:13 . 2012-04-12 20:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

c:\program files\Camera Assistant Software for Toshiba\traybar .exe
c:\program files\ltmoh\Ltmoh .exe
c:\program files\Synaptics\SynTP\SynTPStart .exe
c:\program files\TOSHIBA\Utilities\KeNotify .exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"toscdspd"="TOSCDSPD.EXE" [N/A]

"reminder"="c:\program files\TOSHIBA\reminder\reminder.exe" [2007-05-16 407672]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [N/A]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [N/A]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-13 113664]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

--- Autres Services/Pilotes en mémoire ---

.

*NewlyCreated* - PSI

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

.

2013-01-07 c:\windows\Tasks\User_Feed_Synchronization-{74AEAE6A-923F-4414-A6C1-ABCC0714A59C}.job

- c:\windows\system32\msfeedssync.exe [2010-08-29 04:24]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.iciwave.com/

uInternet Settings,ProxyServer = fpro.rtss.qc.ca:8080

uInternet Settings,ProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: desjardins.com\accesd.affaires

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

- - - - ORPHELINS SUPPRIMES - - - -

.

SafeBoot-27012286.sys

SafeBoot-75658422.sys

SafeBoot-klmdb.sys

AddRemove-RecoveryFix For Windows(Demo)_is1 - d:\recoveryfix for windows(demo)\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-07 19:41

Windows 6.0.6002 Service Pack 2 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2013-01-07 19:46:03

ComboFix-quarantined-files.txt 2013-01-08 00:46

.

Pre-Run: 34,005,401,600 bytes free

Post-Run: 34,037,583,872 bytes free

.

- - End Of File - - C526C874539490441DD84E9F7D995C62

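The tail of the DDS/ComboFix log above carries the facts an analyst usually wants pulled out of a browser section: every Firefox proxy protocol points at fpro.rtss.qc.ca:8080 while network.proxy.type is 0 (proxy disabled, so those hosts are not in use), the default search engine is Ask.com, one extension was installed a few days before the problem started, and ComboFix removed orphaned SafeBoot and AddRemove entries. The script below is an added example, not code from this thread or from DDS/ComboFix; it parses a constructed excerpt in the same line format (user path anonymised) and turns it into findings. The expected-engine list, the 30-day window and the reference date are analyst-chosen assumptions.

```python
"""
Triage of the DDS / ComboFix log tail: Firefox proxy prefs, search engine,
extension install dates and the "orphans removed" block.
Added example, not code from the thread or from DDS/ComboFix. The input is a
constructed excerpt shaped like the lines above (user path anonymised); the
expected-engine list, 30-day window and reference date are analyst assumptions.
"""
import re
from datetime import date

# Firefox network.proxy.type semantics: only type 1 uses the manual host prefs.
PROXY_TYPE = {"0": "none", "1": "manual", "2": "pac", "4": "auto-detect", "5": "system"}
# Assumption: engines the analyst expects on this machine; anything else is flagged.
EXPECTED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}
# Assumption: date of the reported problem, used to age extension installs.
REFERENCE_DATE = date(2013, 1, 5)

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
EXT_RE = re.compile(r"^FF - ExtSQL: (\d{4}-\d{2}-\d{2}) \d{2}:\d{2}; (\{[0-9a-fA-F-]+\}); (.*)$")
ORPHAN_HDR_RE = re.compile(r"^- - - - ORPH\S* \S+ - - - -$")  # English or French header
ORPHAN_RE = re.compile(r"^(SafeBoot|AddRemove)-(.*)$")

# Constructed excerpt; the real log lines are in the post above.
SAMPLE = r"""
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-27012286.sys
SafeBoot-klmdb.sys
AddRemove-RecoveryFix For Windows(Demo)_is1 - d:\recoveryfix for windows(demo)\unins000.exe
.
**************************************************************************
"""


def parse(lines):
    """Split the log tail into Firefox prefs, extension records and orphan entries."""
    prefs, exts, orphans = {}, [], []
    in_orphans = False
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_HDR_RE.match(line):
            in_orphans = True
            continue
        if line.startswith("*****"):          # separator that ends the orphan block
            in_orphans = False
        if m := PREF_RE.match(line):
            prefs[m.group(1)] = m.group(2).strip()
        elif m := EXT_RE.match(line):
            exts.append({"installed": date.fromisoformat(m.group(1)),
                         "id": m.group(2), "path": m.group(3)})
        elif in_orphans and (m := ORPHAN_RE.match(line)):
            orphans.append({"kind": m.group(1), "entry": m.group(2)})
    return prefs, exts, orphans


def triage(lines, reference_date, window_days=30):
    """Return human-readable findings for the analyst."""
    prefs, exts, orphans = parse(lines)
    findings = []
    # prefs.js only stores non-default values, so an absent proxy type means
    # Firefox's built-in default applies rather than "none".
    ptype = PROXY_TYPE.get(prefs.get("network.proxy.type", ""), "default/unset")
    endpoints = {}
    for key, host in prefs.items():
        m = re.fullmatch(r"network\.proxy\.(http|ssl|ftp|socks|gopher)", key)
        if m:
            port = prefs.get(key + "_port", "?")
            endpoints.setdefault(f"{host}:{port}", []).append(m.group(1))
    for endpoint, protos in sorted(endpoints.items()):
        state = "ACTIVE" if ptype == "manual" else f"configured but inactive (proxy type = {ptype})"
        findings.append(f"proxy {endpoint} for {'/'.join(sorted(protos))}: {state}")
    engine = prefs.get("browser.search.selectedEngine")
    if engine and engine not in EXPECTED_ENGINES:
        findings.append(f"default search engine changed to {engine}")
    for ext in exts:
        age = (reference_date - ext["installed"]).days
        if 0 <= age <= window_days:
            findings.append(f"extension {ext['id']} installed {age} days before reference date")
    for o in orphans:
        findings.append(f"orphan {o['kind']} entry removed: {o['entry']}")
    return findings


def run_sample():
    return triage(SAMPLE.splitlines(), REFERENCE_DATE)


if __name__ == "__main__":
    print("\n".join(run_sample()))
```

Run it as a script to print the findings for the constructed excerpt. The proxy check is the part worth keeping: a host set on every protocol pref is only a live interception point when network.proxy.type is 1, so the same lines are reported as "configured but inactive" here and would flip to ACTIVE if the type pref were changed.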

I'm assuming all went as planned, as you made no mention of having difficulty other than the need for a reboot (which is quite common, by the way). So I would need to see ComboFix logs numbers 2 and 3. Please navigate to C:\qoobox. Inside that folder you will find the other ComboFix logs from your previous two scans. They will be named combofix2.txt and combofix3.txt... please post them in your next reply. Thanks!


Please post the TDSSKiller log from the last time you used it. I'd like to bring to your attention the use of this program:

c:\programdata\RegSERVO

...as this program is basically a registry cleaner, it would be in your best interest to use the program's built-in "copy" feature to restore any registry entries that you removed using it. That is, unless you consider yourself an expert.

Next, we need to run ComboFix again, using a script this time... so please disable the on-board security products as before. Thanks!

Please open a blank Notepad... copy the text in bold below and paste it into the blank Notepad. Save it as CFScript.txt... change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your ComboFix.exe.

ComboFix will run again automatically. Please post back the new log that will be generated, along with the other requested logs. Thanks!

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

KILLALL::

RenV::

c:\program files\Camera Assistant Software for Toshiba\traybar .exe

c:\program files\ltmoh\Ltmoh .exe

c:\program files\Synaptics\SynTP\SynTPStart .exe

c:\program files\TOSHIBA\Utilities\KeNotify .exe

folder::

C:\found.000

c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners


Hi,

I ran the complete scan of MBAM and things run fine now. Here is the log.

I checked Qoobox and those 2 log files can't be found. There is also a folder called BadEnv which I cannot access; access is denied.

I will get going on executing ComboFix with your script.

Also, I did scan with RegServo but did not change anything in the registry. I just wanted to see what it gave me.

I am generally quite cautious about having software fiddle around with the registry.

Luc

=============================================================

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.07.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18943

Luc Duranleau :: LEONIDAS [administrator]

Protection: Disabled

2013-01-07 20:00:52

mbam-log-2013-01-07 (20-00-52).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 443850

Time elapsed: 2 hour(s), 57 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

============================================================


Hi,

Here are the TDSSKiller, ESET and RogueKiller logs from the time things screwed up with authentication.

Luc

=================================================================

17:57:47.0936 4804 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

17:57:48.0290 4804 ============================================================

17:57:48.0290 4804 Current date / time: 2013/01/03 17:57:48.0290

17:57:48.0290 4804 SystemInfo:

17:57:48.0290 4804

17:57:48.0290 4804 OS Version: 6.0.6002 ServicePack: 2.0

17:57:48.0290 4804 Product type: Workstation

17:57:48.0290 4804 ComputerName: LEONIDAS

17:57:48.0290 4804 UserName: Luc Duranleau

17:57:48.0290 4804 Windows directory: C:\Windows

17:57:48.0290 4804 System windows directory: C:\Windows

17:57:48.0290 4804 Processor architecture: Intel x86

17:57:48.0290 4804 Number of processors: 2

17:57:48.0290 4804 Page size: 0x1000

17:57:48.0290 4804 Boot type: Normal boot

17:57:48.0290 4804 ============================================================

17:57:49.0530 4804 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:57:49.0530 4804 ============================================================

17:57:49.0530 4804 \Device\Harddisk0\DR0:

17:57:49.0530 4804 MBR partitions:

17:57:49.0530 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1B865800

17:57:49.0530 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C717800, BlocksNum 0xAAE000

17:57:49.0530 4804 ============================================================

17:57:49.0580 4804 C: <-> \Device\Harddisk0\DR0\Partition1

17:57:49.0630 4804 D: <-> \Device\Harddisk0\DR0\Partition2

17:57:49.0630 4804 ============================================================

17:57:49.0630 4804 Initialize success

17:57:49.0630 4804 ============================================================

17:57:53.0031 1652 ============================================================

17:57:53.0031 1652 Scan started

17:57:53.0031 1652 Mode: Manual;

17:57:53.0031 1652 ============================================================

17:57:54.0121 1652 ================ Scan system memory ========================

17:57:54.0121 1652 System memory - ok

17:57:54.0121 1652 ================ Scan services =============================

17:57:54.0431 1652 [ 585E64BB6DFBC0A2F1F0B554DED012DF ] 61883 C:\Windows\system32\DRIVERS\61883.sys

17:57:54.0431 1652 61883 - ok

17:57:54.0582 1652 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

17:57:54.0582 1652 ACPI - ok

17:57:54.0683 1652 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

17:57:54.0683 1652 Adobe LM Service - ok

17:57:54.0753 1652 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

17:57:54.0763 1652 adp94xx - ok

17:57:54.0813 1652 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys

17:57:54.0813 1652 adpahci - ok

17:57:54.0843 1652 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

17:57:54.0843 1652 adpu160m - ok

17:57:54.0883 1652 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys

17:57:54.0883 1652 adpu320 - ok

17:57:54.0963 1652 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

17:57:54.0963 1652 AeLookupSvc - ok

17:57:55.0043 1652 [ A201207363AA900ABF1A388468688570 ] AFD C:\Windows\system32\drivers\afd.sys

17:57:55.0043 1652 AFD - ok

17:57:55.0083 1652 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe

17:57:55.0083 1652 AgereModemAudio - ok

17:57:55.0183 1652 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys

17:57:55.0253 1652 AgereSoftModem - ok

17:57:55.0293 1652 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys

17:57:55.0293 1652 agp440 - ok

17:57:55.0343 1652 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

17:57:55.0353 1652 aic78xx - ok

17:57:55.0413 1652 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

17:57:55.0413 1652 ALG - ok

17:57:55.0443 1652 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys

17:57:55.0453 1652 aliide - ok

17:57:55.0503 1652 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys

17:57:55.0503 1652 amdagp - ok

17:57:55.0523 1652 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys

17:57:55.0523 1652 amdide - ok

17:57:55.0553 1652 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

17:57:55.0553 1652 AmdK7 - ok

17:57:55.0593 1652 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

17:57:55.0593 1652 AmdK8 - ok

17:57:55.0633 1652 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

17:57:55.0633 1652 Appinfo - ok

17:57:55.0683 1652 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys

17:57:55.0693 1652 arc - ok

17:57:55.0713 1652 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys

17:57:55.0713 1652 arcsas - ok

17:57:55.0753 1652 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

17:57:55.0753 1652 AsyncMac - ok

17:57:55.0823 1652 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

17:57:55.0833 1652 atapi - ok

17:57:55.0883 1652 [ CED8A3D0DA7803CC755A21D78D326139 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

17:57:55.0883 1652 Ati External Event Utility - ok

17:57:56.0073 1652 [ 8CE91545423A431353869ED5ADE90ECE ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

17:57:56.0203 1652 atikmdag - ok

17:57:56.0273 1652 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

17:57:56.0283 1652 AudioEndpointBuilder - ok

17:57:56.0303 1652 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

17:57:56.0303 1652 Audiosrv - ok

17:57:56.0353 1652 [ F4B56425A00BEB32F5FA6603FF7B0EA2 ] Avc C:\Windows\system32\DRIVERS\avc.sys

17:57:56.0363 1652 Avc - ok

17:57:56.0403 1652 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

17:57:56.0403 1652 Beep - ok

17:57:56.0483 1652 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll

17:57:56.0483 1652 BFE - ok

17:57:56.0603 1652 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll

17:57:56.0613 1652 BITS - ok

17:57:56.0623 1652 blbdrive - ok

17:57:56.0633 1652 Bonjour Service - ok

17:57:56.0704 1652 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

17:57:56.0704 1652 bowser - ok

17:57:56.0735 1652 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

17:57:56.0735 1652 BrFiltLo - ok

17:57:56.0751 1652 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

17:57:56.0751 1652 BrFiltUp - ok

17:57:56.0798 1652 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

17:57:56.0798 1652 Browser - ok

17:57:56.0829 1652 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

17:57:56.0829 1652 Brserid - ok

17:57:56.0854 1652 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

17:57:56.0854 1652 BrSerWdm - ok

17:57:56.0874 1652 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

17:57:56.0874 1652 BrUsbMdm - ok

17:57:56.0894 1652 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

17:57:56.0894 1652 BrUsbSer - ok

17:57:56.0914 1652 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

17:57:56.0924 1652 BTHMODEM - ok

17:57:57.0184 1652 catchme - ok

17:57:57.0224 1652 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

17:57:57.0224 1652 cdfs - ok

17:57:57.0294 1652 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

17:57:57.0294 1652 cdrom - ok

17:57:57.0394 1652 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll

17:57:57.0394 1652 CertPropSvc - ok

17:57:57.0444 1652 [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

17:57:57.0444 1652 CFSvcs - ok

17:57:57.0494 1652 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys

17:57:57.0494 1652 circlass - ok

17:57:57.0564 1652 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys

17:57:57.0574 1652 CLFS - ok

17:57:57.0664 1652 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:57:57.0664 1652 clr_optimization_v2.0.50727_32 - ok

17:57:57.0704 1652 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

17:57:57.0704 1652 CmBatt - ok

17:57:57.0734 1652 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys

17:57:57.0744 1652 cmdide - ok

17:57:57.0784 1652 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

17:57:57.0784 1652 Compbatt - ok

17:57:57.0794 1652 COMSysApp - ok

17:57:57.0804 1652 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

17:57:57.0814 1652 crcdisk - ok

17:57:57.0844 1652 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys

17:57:57.0844 1652 Crusoe - ok

17:57:57.0914 1652 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll

17:57:57.0914 1652 CryptSvc - ok

17:57:58.0004 1652 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll

17:57:58.0034 1652 DcomLaunch - ok

17:57:58.0144 1652 [ 218D8AE46C88E82014F5D73D0236D9B2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

17:57:58.0144 1652 DfsC - ok

17:57:58.0304 1652 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe

17:57:58.0384 1652 DFSR - ok

17:57:58.0454 1652 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll

17:57:58.0464 1652 Dhcp - ok

17:57:58.0524 1652 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys

17:57:58.0524 1652 disk - ok

17:57:58.0594 1652 [ 30A08728740E71947AE1E073B5CE69B4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

17:57:58.0604 1652 Dnscache - ok

17:57:58.0664 1652 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll

17:57:58.0674 1652 dot3svc - ok

17:57:58.0724 1652 [ 4F59C172C094E1A1D46463A8DC061CBD ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys

17:57:58.0724 1652 dot4 - ok

17:57:58.0784 1652 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

17:57:58.0794 1652 Dot4Print - ok

17:57:58.0804 1652 [ A84D8A9006B1AE515CC7B6B3586C295A ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys

17:57:58.0804 1652 Dot4Scan - ok

17:57:58.0824 1652 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

17:57:58.0834 1652 dot4usb - ok

17:57:58.0874 1652 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

17:57:58.0884 1652 DPS - ok

17:57:58.0904 1652 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

17:57:58.0914 1652 drmkaud - ok

17:57:58.0956 1652 [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys

17:57:58.0956 1652 dsNcAdpt - ok

17:57:59.0065 1652 [ A6B5ECF684769A99D96175F9D1E1337C ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

17:57:59.0065 1652 dsNcService - ok

17:57:59.0126 1652 [ 5C7E2097B91D689DED7A6FF90F0F3A25 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

17:57:59.0156 1652 DXGKrnl - ok

17:57:59.0216 1652 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

17:57:59.0216 1652 E1G60 - ok

17:57:59.0276 1652 [ 0DC2665363C769FF0AA3B30FA73D69D6 ] E2ECAM C:\Windows\system32\DRIVERS\wavedt.sys

17:57:59.0276 1652 E2ECAM - ok

17:57:59.0346 1652 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

17:57:59.0346 1652 EapHost - ok

17:57:59.0426 1652 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys

17:57:59.0436 1652 Ecache - ok

17:57:59.0436 1652 eeef - ok

17:57:59.0506 1652 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

17:57:59.0516 1652 ehRecvr - ok

17:57:59.0576 1652 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe

17:57:59.0576 1652 ehSched - ok

17:57:59.0616 1652 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll

17:57:59.0616 1652 ehstart - ok

17:57:59.0686 1652 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys

17:57:59.0686 1652 elxstor - ok

17:57:59.0766 1652 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll

17:57:59.0776 1652 EMDMgmt - ok

17:57:59.0796 1652 esgiguard - ok

17:57:59.0896 1652 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll

17:57:59.0896 1652 EventSystem - ok

17:57:59.0976 1652 [ 298C8F404968A600D1C298D43783BDB8 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

17:57:59.0986 1652 EvtEng - ok

17:58:00.0056 1652 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys

17:58:00.0066 1652 exfat - ok

17:58:00.0106 1652 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys

17:58:00.0116 1652 fastfat - ok

17:58:00.0156 1652 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

17:58:00.0156 1652 fdc - ok

17:58:00.0226 1652 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

17:58:00.0226 1652 fdPHost - ok

17:58:00.0266 1652 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

17:58:00.0276 1652 FDResPub - ok

17:58:00.0306 1652 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

17:58:00.0306 1652 FileInfo - ok

17:58:00.0366 1652 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

17:58:00.0366 1652 Filetrace - ok

17:58:00.0506 1652 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

17:58:00.0546 1652 FLEXnet Licensing Service - ok

17:58:00.0586 1652 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

17:58:00.0586 1652 flpydisk - ok

17:58:00.0676 1652 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

17:58:00.0696 1652 FltMgr - ok

17:58:00.0776 1652 [ D49705F25390265CAD9B620F55EA968C ] FontCache C:\Windows\system32\FntCache.dll

17:58:00.0816 1652 FontCache - ok

17:58:00.0936 1652 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

17:58:00.0956 1652 FontCache3.0.0.0 - ok

17:58:00.0986 1652 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

17:58:00.0986 1652 Fs_Rec - ok

17:58:01.0036 1652 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

17:58:01.0036 1652 gagp30kx - ok

17:58:01.0156 1652 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll

17:58:01.0186 1652 gpsvc - ok

17:58:01.0226 1652 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

17:58:01.0226 1652 hamachi - ok

17:58:01.0306 1652 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

17:58:01.0316 1652 HdAudAddService - ok

17:58:01.0466 1652 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

17:58:01.0546 1652 HDAudBus - ok

17:58:01.0596 1652 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

17:58:01.0596 1652 HidBth - ok

17:58:01.0656 1652 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

17:58:01.0676 1652 HidIr - ok

17:58:01.0716 1652 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll

17:58:01.0716 1652 hidserv - ok

17:58:01.0736 1652 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

17:58:01.0756 1652 HidUsb - ok

17:58:01.0806 1652 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

17:58:01.0806 1652 hkmsvc - ok

17:58:01.0856 1652 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

17:58:01.0876 1652 HpCISSs - ok

17:58:01.0926 1652 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys

17:58:01.0946 1652 HTTP - ok

17:58:01.0996 1652 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys

17:58:02.0016 1652 i2omp - ok

17:58:02.0076 1652 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

17:58:02.0122 1652 i8042prt - ok

17:58:02.0184 1652 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

17:58:02.0184 1652 iaStor - ok

17:58:02.0215 1652 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

17:58:02.0231 1652 iaStorV - ok

17:58:02.0342 1652 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:58:02.0362 1652 idsvc - ok

17:58:02.0362 1652 igfx - ok

17:58:02.0392 1652 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

17:58:02.0392 1652 iirsp - ok

17:58:02.0472 1652 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

17:58:02.0482 1652 IKEEXT - ok

17:58:02.0492 1652 IntcAzAudAddService - ok

17:58:02.0532 1652 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys

17:58:02.0532 1652 intelide - ok

17:58:02.0542 1652 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

17:58:02.0542 1652 intelppm - ok

17:58:02.0612 1652 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

17:58:02.0612 1652 IPBusEnum - ok

17:58:02.0662 1652 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:58:02.0662 1652 IpFilterDriver - ok

17:58:02.0692 1652 [ 7F83B06A929A981BC001B2EA304D2036 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

17:58:02.0692 1652 iphlpsvc - ok

17:58:02.0702 1652 IpInIp - ok

17:58:02.0752 1652 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

17:58:02.0752 1652 IPMIDRV - ok

17:58:02.0812 1652 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

17:58:02.0812 1652 IPNAT - ok

17:58:02.0872 1652 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

17:58:02.0872 1652 IRENUM - ok

17:58:02.0912 1652 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys

17:58:02.0912 1652 isapnp - ok

17:58:03.0002 1652 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

17:58:03.0012 1652 iScsiPrt - ok

17:58:03.0062 1652 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

17:58:03.0062 1652 iteatapi - ok

17:58:03.0112 1652 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

17:58:03.0112 1652 iteraid - ok

17:58:03.0182 1652 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

17:58:03.0182 1652 kbdclass - ok

17:58:03.0222 1652 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

17:58:03.0232 1652 kbdhid - ok

17:58:03.0272 1652 [ 3978F3540329E16C0AC3BCF677E5669F ] KeyIso C:\Windows\system32\lsass.exe

17:58:03.0272 1652 KeyIso - ok

17:58:03.0332 1652 [ 86165728AF9BF72D6442A894FDFB4F8B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:58:03.0362 1652 KSecDD - ok

17:58:03.0442 1652 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

17:58:03.0452 1652 KtmRm - ok

17:58:03.0502 1652 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll

17:58:03.0512 1652 LanmanServer - ok

17:58:03.0542 1652 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:58:03.0552 1652 LanmanWorkstation - ok

17:58:03.0592 1652 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:58:03.0602 1652 lltdio - ok

17:58:03.0652 1652 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:58:03.0652 1652 lltdsvc - ok

17:58:03.0692 1652 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

17:58:03.0692 1652 lmhosts - ok

17:58:03.0742 1652 LMIInfo - ok

17:58:03.0792 1652 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys

17:58:03.0792 1652 lmimirr - ok

17:58:03.0802 1652 LMIRfsClientNP - ok

17:58:03.0832 1652 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys

17:58:03.0832 1652 LMIRfsDriver - ok

17:58:03.0872 1652 [ 515FC18CABEE0158A324B08B1C2667CF ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys

17:58:03.0902 1652 LPCFilter - ok

17:58:03.0932 1652 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

17:58:03.0932 1652 LSI_FC - ok

17:58:03.0992 1652 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

17:58:03.0992 1652 LSI_SAS - ok

17:58:04.0022 1652 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

17:58:04.0022 1652 LSI_SCSI - ok

17:58:04.0062 1652 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

17:58:04.0062 1652 luafv - ok

17:58:04.0072 1652 LVcKap - ok

17:58:04.0082 1652 LVMVDrv - ok

17:58:04.0202 1652 [ FF6E9C169F3372D0046DEDBE63E461F2 ] lvpopflt C:\Windows\system32\DRIVERS\lvpopflt.sys

17:58:04.0272 1652 lvpopflt - ok

17:58:04.0282 1652 LVPr2Mon - ok

17:58:04.0302 1652 LVPrcSrv - ok

17:58:04.0342 1652 [ F7D667093387A389D2D90CCE7178B3A5 ] lvselsus C:\Windows\system32\DRIVERS\lvselsus.sys

17:58:04.0342 1652 lvselsus - ok

17:58:04.0392 1652 [ CCFF53B1FCDFA9EDE919E3BDBD10D0FD ] LVUSBSta C:\Windows\system32\drivers\lvusbsta.sys

17:58:04.0392 1652 LVUSBSta - ok

17:58:04.0482 1652 [ 9C1123052624356CD7C05D5C5767BF57 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys

17:58:04.0532 1652 LVUVC - ok

17:58:04.0632 1652 [ 677FB31C7F6140FD97C91FF3929B702A ] MaxBackServiceInt C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

17:58:04.0662 1652 MaxBackServiceInt - ok

17:58:04.0722 1652 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

17:58:04.0732 1652 Mcx2Svc - ok

17:58:04.0902 1652 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

17:58:04.0902 1652 MDM - ok

17:58:04.0952 1652 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys

17:58:04.0952 1652 megasas - ok

17:58:05.0102 1652 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

17:58:05.0102 1652 Microsoft Office Groove Audit Service - ok

17:58:05.0162 1652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

17:58:05.0162 1652 MMCSS - ok

17:58:05.0202 1652 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

17:58:05.0202 1652 Modem - ok

17:58:05.0252 1652 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:58:05.0252 1652 monitor - ok

17:58:05.0262 1652 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

17:58:05.0272 1652 mouclass - ok

17:58:05.0282 1652 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

17:58:05.0282 1652 mouhid - ok

17:58:05.0302 1652 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\DRIVERS\MOUNTMGR.SYS

17:58:05.0312 1652 MountMgr - ok

17:58:05.0362 1652 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

17:58:05.0362 1652 MozillaMaintenance - ok

17:58:05.0402 1652 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

17:58:05.0412 1652 MpFilter - ok

17:58:05.0452 1652 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys

17:58:05.0452 1652 mpio - ok

17:58:05.0492 1652 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:58:05.0492 1652 mpsdrv - ok

17:58:05.0532 1652 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

17:58:05.0532 1652 Mraid35x - ok

17:58:05.0602 1652 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:58:05.0602 1652 MRxDAV - ok

17:58:05.0662 1652 [ 454341E652BDF5E01B0F2140232B073E ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:58:05.0662 1652 mrxsmb - ok

17:58:05.0692 1652 [ 2A4901AFF069944FA945ED5BBF4DCDE3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:58:05.0702 1652 mrxsmb10 - ok

17:58:05.0722 1652 [ 28B3F1AB44BDD4432C041581412F17D9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:58:05.0722 1652 mrxsmb20 - ok

17:58:05.0742 1652 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys

17:58:05.0742 1652 msahci - ok

17:58:05.0772 1652 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:58:05.0782 1652 msdsm - ok

17:58:05.0822 1652 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

17:58:05.0832 1652 MSDTC - ok

17:58:05.0882 1652 [ 343291A4DFD7C923C3F71F550830EC1C ] MSDV C:\Windows\system32\DRIVERS\msdv.sys

17:58:05.0882 1652 MSDV - ok

17:58:05.0922 1652 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:58:05.0922 1652 Msfs - ok

17:58:05.0942 1652 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:58:05.0952 1652 msisadrv - ok

17:58:06.0002 1652 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:58:06.0002 1652 MSiSCSI - ok

17:58:06.0012 1652 msiserver - ok

17:58:06.0092 1652 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:58:06.0092 1652 MSKSSRV - ok

17:58:06.0152 1652 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

17:58:06.0152 1652 MsMpSvc - ok

17:58:06.0182 1652 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:58:06.0182 1652 MSPCLOCK - ok

17:58:06.0222 1652 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:58:06.0232 1652 MSPQM - ok

17:58:06.0322 1652 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:58:06.0322 1652 MsRPC - ok

17:58:06.0342 1652 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

17:58:06.0342 1652 mssmbios - ok

17:58:06.0362 1652 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:58:06.0362 1652 MSTEE - ok

17:58:06.0392 1652 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

17:58:06.0392 1652 Mup - ok

17:58:06.0432 1652 [ C29F284FF7AB4ED38CE419A9424E52A2 ] MXOPSWD C:\Windows\system32\DRIVERS\mxopswd.sys

17:58:06.0432 1652 MXOPSWD - ok

17:58:06.0492 1652 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

17:58:06.0512 1652 napagent - ok

17:58:06.0592 1652 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:58:06.0602 1652 NativeWifiP - ok

17:58:06.0692 1652 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

17:58:06.0722 1652 NDIS - ok

17:58:06.0772 1652 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:58:06.0772 1652 NdisTapi - ok

17:58:06.0822 1652 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:58:06.0832 1652 Ndisuio - ok

17:58:06.0852 1652 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:58:06.0852 1652 NdisWan - ok

17:58:06.0892 1652 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:58:06.0892 1652 NDProxy - ok

17:58:06.0912 1652 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:58:06.0912 1652 NetBIOS - ok

17:58:06.0982 1652 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

17:58:06.0982 1652 netbt - ok

17:58:07.0023 1652 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe

17:58:07.0023 1652 Netlogon - ok

17:58:07.0070 1652 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

17:58:07.0070 1652 Netman - ok

17:58:07.0132 1652 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

17:58:07.0132 1652 netprofm - ok

17:58:07.0189 1652 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:58:07.0189 1652 NetTcpPortSharing - ok

17:58:07.0329 1652 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys

17:58:07.0429 1652 NETw4v32 - ok

17:58:07.0479 1652 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

17:58:07.0479 1652 nfrd960 - ok

17:58:07.0549 1652 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

17:58:07.0549 1652 NisDrv - ok

17:58:07.0609 1652 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

17:58:07.0619 1652 NisSrv - ok

17:58:07.0719 1652 [ D78F02AFC7C3422D6EA1EA823D4957C7 ] NitroDriverReadSpool C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe

17:58:07.0719 1652 NitroDriverReadSpool - ok

17:58:07.0789 1652 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

17:58:07.0789 1652 NlaSvc - ok

17:58:07.0849 1652 [ 00602D89A2564414E6F81DB0F2E24685 ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE

17:58:07.0849 1652 nlsX86cc - ok

17:58:07.0909 1652 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:58:07.0919 1652 Npfs - ok

17:58:07.0969 1652 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

17:58:07.0969 1652 nsi - ok

17:58:08.0009 1652 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:58:08.0009 1652 nsiproxy - ok

17:58:08.0149 1652 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:58:08.0219 1652 Ntfs - ok

17:58:08.0279 1652 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

17:58:08.0279 1652 ntrigdigi - ok

17:58:08.0349 1652 [ C2C0FF5F58DC258B77A799E0F8B5925C ] NTService1 C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

17:58:08.0359 1652 NTService1 - ok

17:58:08.0379 1652 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

17:58:08.0379 1652 Null - ok

17:58:08.0419 1652 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:58:08.0439 1652 nvraid - ok

17:58:08.0469 1652 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:58:08.0469 1652 nvstor - ok

17:58:08.0519 1652 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:58:08.0519 1652 nv_agp - ok

17:58:08.0529 1652 NwlnkFlt - ok

17:58:08.0539 1652 NwlnkFwd - ok

17:58:08.0639 1652 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

17:58:08.0649 1652 odserv - ok

17:58:08.0719 1652 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

17:58:08.0719 1652 ohci1394 - ok

17:58:08.0789 1652 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:58:08.0789 1652 ose - ok

17:58:08.0879 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

17:58:08.0889 1652 p2pimsvc - ok

17:58:08.0939 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

17:58:08.0949 1652 p2psvc - ok

17:58:08.0999 1652 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

17:58:08.0999 1652 Parport - ok

17:58:09.0059 1652 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys

17:58:09.0059 1652 partmgr - ok

17:58:09.0089 1652 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

17:58:09.0089 1652 Parvdm - ok

17:58:09.0149 1652 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

17:58:09.0149 1652 PcaSvc - ok

17:58:09.0219 1652 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

17:58:09.0219 1652 pci - ok

17:58:09.0280 1652 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys

17:58:09.0280 1652 pciide - ok

17:58:09.0363 1652 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

17:58:09.0363 1652 pcmcia - ok

17:58:09.0433 1652 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

17:58:09.0473 1652 PEAUTH - ok

17:58:09.0593 1652 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

17:58:09.0663 1652 pla - ok

17:58:09.0733 1652 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

17:58:09.0743 1652 PlugPlay - ok

17:58:09.0813 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

17:58:09.0823 1652 PNRPAutoReg - ok

17:58:09.0863 1652 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

17:58:09.0873 1652 PNRPsvc - ok

17:58:09.0913 1652 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

17:58:09.0923 1652 PolicyAgent - ok

17:58:09.0943 1652 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

17:58:09.0943 1652 PptpMiniport - ok

17:58:09.0993 1652 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys

17:58:09.0993 1652 Processor - ok

17:58:10.0093 1652 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

17:58:10.0103 1652 ProfSvc - ok

17:58:10.0113 1652 [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe

17:58:10.0123 1652 ProtectedStorage - ok

17:58:10.0193 1652 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

17:58:10.0193 1652 PSched - ok

17:58:10.0203 1652 qekfvmer - ok

17:58:10.0283 1652 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys

17:58:10.0463 1652 ql2300 - ok

17:58:10.0493 1652 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

17:58:10.0503 1652 ql40xx - ok

17:58:10.0553 1652 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

17:58:10.0563 1652 QWAVE - ok

17:58:10.0593 1652 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

17:58:10.0603 1652 QWAVEdrv - ok

17:58:10.0643 1652 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

17:58:10.0643 1652 RasAcd - ok

17:58:10.0703 1652 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

17:58:10.0703 1652 RasAuto - ok

17:58:10.0763 1652 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

17:58:10.0763 1652 Rasl2tp - ok

17:58:10.0833 1652 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

17:58:10.0843 1652 RasMan - ok

17:58:10.0903 1652 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

17:58:10.0903 1652 RasPppoe - ok

17:58:10.0973 1652 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

17:58:10.0983 1652 RasSstp - ok

17:58:11.0053 1652 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

17:58:11.0063 1652 rdbss - ok

17:58:11.0083 1652 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

17:58:11.0083 1652 RDPCDD - ok

17:58:11.0143 1652 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

17:58:11.0143 1652 rdpdr - ok

17:58:11.0153 1652 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

17:58:11.0153 1652 RDPENCDD - ok

17:58:11.0213 1652 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

17:58:11.0223 1652 RDPWD - ok

17:58:11.0273 1652 [ 83A5D92ACE4465C667D1D55FCDAB2658 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

17:58:11.0283 1652 RegSrvc - ok

17:58:11.0313 1652 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

17:58:11.0313 1652 RemoteAccess - ok

17:58:11.0373 1652 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

17:58:11.0383 1652 RemoteRegistry - ok

17:58:11.0413 1652 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

17:58:11.0413 1652 RpcLocator - ok

17:58:11.0485 1652 [ 449BF2E12822299C0B153B61C5B8D58E ] rpcnet C:\Windows\system32\rpcnet.exe

17:58:11.0485 1652 rpcnet - ok

17:58:11.0532 1652 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

17:58:11.0548 1652 RpcSs - ok

17:58:11.0579 1652 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

17:58:11.0579 1652 rspndr - ok

17:58:11.0604 1652 [ B8B159FA669C6386A458FCD468EBB1E6 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys

17:58:11.0614 1652 RTL8169 - ok

17:58:11.0634 1652 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe

17:58:11.0634 1652 SamSs - ok

17:58:11.0674 1652 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

17:58:11.0674 1652 SASDIFSV - ok

17:58:11.0694 1652 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

17:58:11.0704 1652 SASKUTIL - ok

17:58:11.0744 1652 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

17:58:11.0744 1652 sbp2port - ok

17:58:11.0924 1652 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

17:58:11.0934 1652 SCardSvr - ok

17:58:12.0014 1652 [ 323AE0BDFD2EB15B668DDA50CC597329 ] Schedule C:\Windows\system32\schedsvc.dll

17:58:12.0024 1652 Schedule - ok

17:58:12.0044 1652 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

17:58:12.0054 1652 SCPolicySvc - ok

17:58:12.0104 1652 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

17:58:12.0114 1652 sdbus - ok

17:58:12.0144 1652 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

17:58:12.0154 1652 SDRSVC - ok

17:58:12.0174 1652 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

17:58:12.0174 1652 secdrv - ok

17:58:12.0214 1652 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

17:58:12.0214 1652 seclogon - ok

17:58:12.0234 1652 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll

17:58:12.0244 1652 SENS - ok

17:58:12.0274 1652 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

17:58:12.0284 1652 Serenum - ok

17:58:12.0314 1652 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

17:58:12.0314 1652 Serial - ok

17:58:12.0374 1652 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

17:58:12.0374 1652 sermouse - ok

17:58:12.0454 1652 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

17:58:12.0454 1652 SessionEnv - ok

17:58:12.0494 1652 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

17:58:12.0494 1652 sffdisk - ok

17:58:12.0534 1652 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

17:58:12.0544 1652 sffp_mmc - ok

17:58:12.0594 1652 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

17:58:12.0594 1652 sffp_sd - ok

17:58:12.0614 1652 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

17:58:12.0634 1652 sfloppy - ok

17:58:12.0714 1652 [ C818C44C201898399BF999BB6B35D4E3 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

17:58:12.0724 1652 ShellHWDetection - ok

17:58:12.0764 1652 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys

17:58:12.0764 1652 sisagp - ok

17:58:12.0804 1652 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

17:58:12.0804 1652 SiSRaid2 - ok

17:58:12.0834 1652 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

17:58:12.0844 1652 SiSRaid4 - ok

17:58:13.0064 1652 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

17:58:13.0204 1652 slsvc - ok

17:58:13.0294 1652 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

17:58:13.0294 1652 SLUINotify - ok

17:58:13.0354 1652 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

17:58:13.0354 1652 Smb - ok

17:58:13.0404 1652 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

17:58:13.0404 1652 SNMPTRAP - ok

17:58:13.0464 1652 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

17:58:13.0464 1652 spldr - ok

17:58:13.0494 1652 [ 524BFBEA40E6E404737CCBC754647A2E ] Spooler C:\Windows\System32\spoolsv.exe

17:58:13.0504 1652 Spooler - ok

17:58:13.0554 1652 [ FF3CBC13DB84D81F56931BC922CC37C4 ] srv C:\Windows\system32\DRIVERS\srv.sys

17:58:13.0564 1652 srv - ok

17:58:13.0604 1652 [ D15959D9F69F0D39A0153E9C244F20DD ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

17:58:13.0614 1652 srv2 - ok

17:58:13.0644 1652 [ FAA0D553A49E85008C6BB3781987C574 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

17:58:13.0644 1652 srvnet - ok

17:58:13.0686 1652 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

17:58:13.0686 1652 SSDPSRV - ok

17:58:13.0764 1652 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

17:58:13.0764 1652 SstpSvc - ok

17:58:13.0844 1652 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

17:58:13.0854 1652 stisvc - ok

17:58:13.0874 1652 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

17:58:13.0874 1652 swenum - ok

17:58:13.0954 1652 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

17:58:13.0964 1652 swprv - ok

17:58:14.0014 1652 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

17:58:14.0014 1652 Symc8xx - ok

17:58:14.0044 1652 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

17:58:14.0044 1652 Sym_hi - ok

17:58:14.0074 1652 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

17:58:14.0074 1652 Sym_u3 - ok

17:58:14.0134 1652 [ 964524A9EDCCE945E82419ABE9DB94EE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

17:58:14.0134 1652 SynTP - ok

17:58:14.0224 1652 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

17:58:14.0234 1652 SysMain - ok

17:58:14.0264 1652 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

17:58:14.0264 1652 TabletInputService - ok

17:58:14.0334 1652 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

17:58:14.0344 1652 TapiSrv - ok

17:58:14.0374 1652 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

17:58:14.0384 1652 TBS - ok

17:58:14.0454 1652 [ 6A10AFCE0B38371064BE41C1FBFD3C6B ] Tcpip C:\Windows\system32\drivers\tcpip.sys

17:58:14.0534 1652 Tcpip - ok

17:58:14.0624 1652 [ 6A10AFCE0B38371064BE41C1FBFD3C6B ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

17:58:14.0634 1652 Tcpip6 - ok

17:58:14.0684 1652 [ 9BF343F4C878D6AD6922B2C5A4FEFE0D ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

17:58:14.0684 1652 tcpipreg - ok

17:58:14.0724 1652 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys

17:58:14.0724 1652 tdcmdpst - ok

17:58:14.0774 1652 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

17:58:14.0774 1652 TDPIPE - ok

17:58:14.0804 1652 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

17:58:14.0804 1652 TDTCP - ok

17:58:14.0874 1652 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

17:58:14.0874 1652 tdx - ok

17:58:14.0904 1652 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

17:58:14.0904 1652 TermDD - ok

17:58:14.0974 1652 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

17:58:14.0984 1652 TermService - ok

17:58:15.0024 1652 [ C818C44C201898399BF999BB6B35D4E3 ] Themes C:\Windows\system32\shsvcs.dll

17:58:15.0034 1652 Themes - ok

17:58:15.0074 1652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

17:58:15.0074 1652 THREADORDER - ok

17:58:15.0124 1652 [ E4C85C291DDB3DC5E4A2F227CA465BA6 ] tifm21 C:\Windows\system32\drivers\tifm21.sys

17:58:15.0134 1652 tifm21 - ok

17:58:15.0254 1652 [ 1F9A37B633C11EBE5D68137645FA1337 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe

17:58:15.0254 1652 TNaviSrv - ok

17:58:15.0314 1652 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\Windows\system32\TODDSrv.exe

17:58:15.0314 1652 TODDSrv - ok

17:58:15.0384 1652 [ 6A54C28B53C6B50D333C8EE974C6B208 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

17:58:15.0394 1652 TosCoSrv - ok

17:58:15.0434 1652 [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

17:58:15.0434 1652 TOSHIBA Bluetooth Service - ok

17:58:15.0444 1652 Tosrfcom - ok

17:58:15.0464 1652 [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys

17:58:15.0464 1652 tosrfec - ok

17:58:15.0494 1652 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys

17:58:15.0494 1652 tos_sps32 - ok

17:58:15.0504 1652 TpChoice - ok

17:58:15.0584 1652 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

17:58:15.0584 1652 TrkWks - ok

17:58:15.0674 1652 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

17:58:15.0674 1652 TrustedInstaller - ok

17:58:15.0744 1652 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

17:58:15.0744 1652 tssecsrv - ok

17:58:15.0784 1652 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

17:58:15.0784 1652 tunmp - ok

17:58:15.0804 1652 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

17:58:15.0814 1652 tunnel - ok

17:58:15.0865 1652 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS

17:58:15.0865 1652 TVALZ - ok

17:58:15.0896 1652 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

17:58:15.0912 1652 uagp35 - ok

17:58:15.0957 1652 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

17:58:15.0967 1652 udfs - ok

17:58:16.0027 1652 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

17:58:16.0027 1652 UI0Detect - ok

17:58:16.0107 1652 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

17:58:16.0107 1652 UleadBurningHelper - ok

17:58:16.0157 1652 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

17:58:16.0157 1652 uliagpkx - ok

17:58:16.0197 1652 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys

17:58:16.0207 1652 uliahci - ok

17:58:16.0237 1652 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

17:58:16.0247 1652 UlSata - ok

17:58:16.0277 1652 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

17:58:16.0287 1652 ulsata2 - ok

17:58:16.0317 1652 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

17:58:16.0317 1652 umbus - ok

17:58:16.0347 1652 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

17:58:16.0357 1652 upnphost - ok

17:58:16.0427 1652 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

17:58:16.0427 1652 usbaudio - ok

17:58:16.0477 1652 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

17:58:16.0477 1652 usbccgp - ok

17:58:16.0517 1652 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

17:58:16.0517 1652 usbcir - ok

17:58:16.0547 1652 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

17:58:16.0547 1652 usbehci - ok

17:58:16.0577 1652 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

17:58:16.0587 1652 usbhub - ok

17:58:16.0627 1652 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys

17:58:16.0627 1652 usbohci - ok

17:58:16.0647 1652 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys

17:58:16.0647 1652 usbprint - ok

17:58:16.0657 1652 Usbrfcddworb - ok

17:58:16.0687 1652 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:58:16.0687 1652 USBSTOR - ok

17:58:16.0737 1652 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

17:58:16.0737 1652 usbuhci - ok

17:58:16.0807 1652 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

17:58:16.0817 1652 usbvideo - ok

17:58:16.0857 1652 [ 3B929A72AAEA96DC0150D3A6DA268C89 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS

17:58:16.0857 1652 UVCFTR - ok

17:58:16.0927 1652 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

17:58:16.0927 1652 UxSms - ok

17:58:16.0997 1652 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

17:58:17.0007 1652 vds - ok

17:58:17.0057 1652 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

17:58:17.0057 1652 vga - ok

17:58:17.0127 1652 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

17:58:17.0127 1652 VgaSave - ok

17:58:17.0167 1652 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys

17:58:17.0167 1652 viaagp - ok

17:58:17.0197 1652 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys

17:58:17.0197 1652 ViaC7 - ok

17:58:17.0227 1652 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys

17:58:17.0237 1652 viaide - ok

17:58:17.0277 1652 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

17:58:17.0277 1652 volmgr - ok

17:58:17.0377 1652 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

17:58:17.0387 1652 volmgrx - ok

17:58:17.0457 1652 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys

17:58:17.0457 1652 volsnap - ok

17:58:17.0507 1652 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

17:58:17.0507 1652 vsmraid - ok

17:58:17.0617 1652 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

17:58:17.0687 1652 VSS - ok

17:58:17.0767 1652 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

17:58:17.0767 1652 W32Time - ok

17:58:17.0807 1652 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

17:58:17.0807 1652 WacomPen - ok

17:58:17.0847 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

17:58:17.0847 1652 Wanarp - ok

17:58:17.0857 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

17:58:17.0857 1652 Wanarpv6 - ok

17:58:17.0897 1652 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll

17:58:17.0927 1652 wcncsvc - ok

17:58:17.0977 1652 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

17:58:17.0977 1652 WcsPlugInService - ok

17:58:18.0038 1652 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys

17:58:18.0054 1652 Wd - ok

17:58:18.0148 1652 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

17:58:18.0179 1652 Wdf01000 - ok

17:58:18.0219 1652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

17:58:18.0219 1652 WdiServiceHost - ok

17:58:18.0229 1652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

17:58:18.0239 1652 WdiSystemHost - ok

17:58:18.0309 1652 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll

17:58:18.0319 1652 WebClient - ok

17:58:18.0359 1652 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll

17:58:18.0369 1652 Wecsvc - ok

17:58:18.0399 1652 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

17:58:18.0409 1652 wercplsupport - ok

17:58:18.0479 1652 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

17:58:18.0479 1652 WerSvc - ok

17:58:18.0569 1652 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

17:58:18.0579 1652 WinDefend - ok

17:58:18.0589 1652 WinHttpAutoProxySvc - ok

17:58:18.0729 1652 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

17:58:18.0729 1652 Winmgmt - ok

17:58:18.0799 1652 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll

17:58:18.0849 1652 WinRM - ok

17:58:18.0939 1652 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

17:58:18.0949 1652 Wlansvc - ok

17:58:19.0119 1652 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:58:19.0139 1652 wlidsvc - ok

17:58:19.0179 1652 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

17:58:19.0179 1652 WmiAcpi - ok

17:58:19.0239 1652 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

17:58:19.0249 1652 wmiApSrv - ok

17:58:19.0339 1652 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

17:58:19.0359 1652 WMPNetworkSvc - ok

17:58:19.0429 1652 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

17:58:19.0439 1652 WPCSvc - ok

17:58:19.0449 1652 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

17:58:19.0459 1652 WPDBusEnum - ok

17:58:19.0499 1652 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

17:58:19.0499 1652 WpdUsb - ok

17:58:19.0569 1652 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

17:58:19.0579 1652 ws2ifsl - ok

17:58:19.0629 1652 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

17:58:19.0639 1652 wscsvc - ok

17:58:19.0639 1652 WSearch - ok

17:58:19.0769 1652 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

17:58:19.0849 1652 wuauserv - ok

17:58:19.0889 1652 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

17:58:19.0899 1652 WUDFRd - ok

17:58:19.0929 1652 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

17:58:19.0939 1652 wudfsvc - ok

17:58:19.0959 1652 ================ Scan global ===============================

17:58:20.0029 1652 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

17:58:20.0099 1652 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll

17:58:20.0119 1652 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll

17:58:20.0179 1652 [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe

17:58:20.0189 1652 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected

17:58:20.0189 1652 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)

17:58:20.0189 1652 ================ Scan MBR ==================================

17:58:20.0219 1652 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

17:58:21.0012 1652 \Device\Harddisk0\DR0 - ok

17:58:21.0012 1652 ================ Scan VBR ==================================

17:58:21.0012 1652 [ 11BDF00FBCC8339B1709AF6089A9C9A1 ] \Device\Harddisk0\DR0\Partition1

17:58:21.0022 1652 \Device\Harddisk0\DR0\Partition1 - ok

17:58:21.0082 1652 [ E46E1BE5C2222A78FA6E9446F9B20CC4 ] \Device\Harddisk0\DR0\Partition2

17:58:21.0082 1652 \Device\Harddisk0\DR0\Partition2 - ok

17:58:21.0082 1652 ============================================================

17:58:21.0082 1652 Scan finished

17:58:21.0082 1652 ============================================================

17:58:21.0102 4768 Detected object count: 1

17:58:21.0102 4768 Actual detected object count: 1

17:58:40.0893 4768 C:\Windows\system32\services.exe - copied to quarantine

17:58:43.0494 4768 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine

17:58:43.0824 4768 C:\Users\Luc Duranleau\AppData\Local\{ac18af58-bb7f-db54-bb76-9f0345e14f3c}\@ - copied to quarantine

17:58:58.0737 4768 Backup copy found, using it..

17:58:58.0897 4768 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot

17:58:59.0137 4768 C:\Users\Luc Duranleau\AppData\Local\{ac18af58-bb7f-db54-bb76-9f0345e14f3c}\@ - will be deleted on reboot

17:58:59.0197 4768 C:\Windows\system32\services.exe - will be cured on reboot

17:58:59.0197 4768 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure

17:59:36.0837 5296 Deinitialize success

========================================================================

C:\ProgramData\netdislw.js JS/Agent.NID trojan

C:\Users\All Users\netdislw.js JS/Agent.NID trojan

C:\Windows\System32\DBBK\6D5483DA06CB7B45F205C51D87EB6D1A Win32/Sirefef.FA trojan

C:\Windows\System32\DBBK\6E71F4274113197AD75262AF24FB1B09 Win32/Conedex.E trojan

C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan

C:\Windows\System32\DBBK\8737764F4FD36D6808EE80578409C843 Win32/Sirefef.FB.Gen trojan

C:\Windows\System32\DBBK\D30CEF5730C307FC524F11F228C6E8B8 a variant of Win32/Sirefef.FD trojan

C:\Windows\System32\DBBK\FE2EB24E6BD36B8BE3869ECE85AA72BC Win32/Conedex.D trojan

============================================================================

RogueKiller V8.4.2 [Dec 31 2012] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html

Site Web : http://www.sur-la-toile.com/RogueKiller/

Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Demarrage : Mode normal

Utilisateur : Luc Duranleau [Droits d'admin]

Mode : Recherche -- Date : 04/01/2013 02:58:19

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (fpro.rtss.qc.ca:8080) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHX2250BT +++++

--- User ---

[MBR] 0c3f8c5caf4d0fcc079e4155977e3ab0

[bSP] 87042bb57fab562d2f4fd0a527263a3f : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 225483 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 464863232 | Size: 6023 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 477198336 | Size: 5468 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Termine : << RKreport[5]_S_04012013_025819.txt >>

RKreport[1]_S_04012013_025407.txt ; RKreport[2]_D_04012013_025507.txt ; RKreport[3]_PR_04012013_025727.txt ; RKreport[4]_PR_04012013_025735.txt ; RKreport[5]_S_04012013_025819.txt


Hi,

One last thing, do I have to uninstall and reinstall ComboFix before proceeding?

Luc

?

Why on earth would you think so? Nowhere in the instruction does it say to do that so your question has me puzzled. Regardless, to answer your question...no. Installing combofix as the instruction indicates is sufficient. I'm just curious now as to whether you ran combofix previously either on your own, or under the direction of some other assistant on some other web site. The log you produced from your combofix scan indicated to me that it had been run a total of three times. The fact that the other logs aren't located where they are supposed to be also has me puzzled. The only reason for it that I can think of is that you, or someone with access, had deleted them at some other help session.

Bottom line is, I just need to see the next combofix log that is produced after you run the cfscript I wrote for you. And, by the way, the tdsskiller log indicated the zeroaccess infection as well. That scan log though, also shows that it was dealt with successfully and the core file that was infected had also been replaced. That very act itself would be considered "tampering" as it relates to the Windows validation issue...likewise with the initial infection. In any case, the infected file found during that scan was removed and replaced with a valid copy found. The issue at present, with the cf scan log, is a different infection entirely. That's why I asked for the other scan logs as it is likely that some needed files were present when those other scans were made. If you cannot locate them, I would like to know the history behind your usage of the combofix utility as the fact is for now...some software may need to be reinstalled...which may well include the operating system itself. We shall see...

Please post the latest cf log produced from the above instructions. Thanks!
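As an added post-cleanup check (not part of the thread, and not how TDSSKiller or ComboFix work internally): a PowerShell 2.0-compatible script, run from an elevated prompt on the affected machine, that confirms the cured services.exe carries a valid Microsoft Authenticode signature and reports whether the two ZeroAccess leftovers named in the TDSSKiller log above are gone after the requested reboot. The GUID-folder pattern and the desktop.ini path come from that log; the regular expression for the folder name is my assumption.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 (the Vista era)
# so it avoids cmdlets such as Get-FileHash and the -Directory switch.
$services = Join-Path $env:SystemRoot 'System32\services.exe'

# 1. services.exe was "cured" (rewritten) by TDSSKiller. A genuine copy must carry a
#    valid Microsoft Authenticode signature; any other status means the repair left
#    a patched or foreign binary in place and the file needs replacing from media/SFC.
$sig = Get-AuthenticodeSignature -FilePath $services
New-Object PSObject -Property @{
    File   = $services
    Status = $sig.Status                        # expect 'Valid'
    Signer = $sig.SignerCertificate.Subject     # expect a Microsoft Corporation subject
}

# 2. Leftovers the log scheduled for deletion on reboot: the '@' file inside a
#    GUID-named folder under AppData\Local, and the stray desktop.ini in assembly\GAC.
$leftovers = @()
Get-ChildItem -Path "$env:SystemDrive\Users\*\AppData\Local" -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' } |
    ForEach-Object {
        $at = Join-Path $_.FullName '@'
        if (Test-Path -LiteralPath $at) { $leftovers += $at }
    }
$gacIni = Join-Path $env:SystemRoot 'assembly\GAC\desktop.ini'
if (Test-Path -LiteralPath $gacIni) { $leftovers += $gacIni }

if ($leftovers.Count -eq 0) {
    'No ZeroAccess residue found at the paths listed in the log.'
} else {
    'Still present (re-check after the reboot the tool asked for):'
    $leftovers
}
```

A 'Valid' signature only proves the file is a genuine Microsoft binary, not that it is the version the system expects; pair it with `sfc /scannow` if the Windows activation complaint persists.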


I'd also like to mention that your claim as indicated by the thread title "Malawarebytes affects windows licensing authentification" doesn't hold water...as the evidence now seems to be related to the combination of utilities you used previously between the tdsskiller scan and your previous usage of the combofix utilities. Those scans seem to be the earliest scans wherein an infection was present that would indeed have tampered with system core files, with the primary suspect being the tdsskiller utility. Combofix may also have been a good suspect but we won't know without the evidence that would be present during those previous scans. The logs from THOSE scans would be most valuable now. Without them, this issue may remain mysterious. As you can see, using those utilities without direction from some trained user can have some dire consequences.


Hi,

I just wanted to be sure as other posts I have read mentioned this when trying to run ComboFix a second time.

As for the claim, I am sorry if it is interpreted this way. It was not my intention. I simply checked the time the authentication problem occurred and the reboot I did after the Malware disinfection. The issue is obviously more complex than that as I can well see. Please do not

As for ComboFix. I did run it after the problem began to manifest itself. It ran and asked to reboot. On reboot, it started up again with a message saying it was preparing a report. It hung there and I had to close the window after a long wait. I then uninstalled it. This probably deleted the log files in the folder. My mistake.

Will run your script now.

Luc


This topic is now closed to further replies.