
Zero Access Trojan


This topic is locked.
18 replies to this topic

#1 cookiemonster1

Posted 05 August 2012 - 11:10 PM

My laptop (running Windows 7 home premium 64-bit) has been infected with Zero Access Trojan (as reported by McAfee). McAfee detected it & mentioned the following location (c:\windows\assembly\GAC_64\desktop.ini). However it could not fix or remove the file.

The internet access got disabled. McAfee's firewall got disabled & Microsoft Security Essentials service itself has been removed & is no longer running. Windows firewall config has also been disabled/hijacked. I read other threads on this Trojan & first ran RKill & then tried using McAfee's RootkitRemover & Stinger followed by Malwarebytes Anti-Malware, Symantec's FixZeroAccess & Kaspersky's TDSSKiller. None of these could report anything or fix it (I ran all of these as administrator in normal & safe mode with networking).

Later, from reading another thread, I tried using RogueKiller (by Tigzy) to remove them. RogueKiller detected the ZeroAccess infection & showed a few registry entries & files. On deleting them as suggested & scanning again I did not find anything. Later a scan with McAfee also did not report it anymore. I also scanned with SUPERAntiSpyware & it also did not report anything except some tracking cookies, which I removed as suggested.

However, I am not sure if it's been completely removed, as the internet access is still disabled & I cannot enable McAfee's firewall or the Windows one.

Please help nail this one. I can attach the GMER & DDS logs if needed.

Thanks
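An editor's note added here for readers who hit the same report; it is not part of the original post. The file McAfee named is a desktop.ini in the 64-bit assembly cache directory. A genuine desktop.ini is a small text file (ANSI, UTF-8, or UTF-16 with a byte-order mark) that opens with a section header such as [.ShellClassInfo]. One cheap check before reaching for more tools is whether the bytes are INI text at all or a PE image parked under an .ini name; the latter sitting in a system directory is worth escalating whatever verdict the AV printed. The Python below is example code written for this note, not from the original post or from any of the tools mentioned; its byte samples are constructed, and the classification rule is the assumption just stated.

```python
"""Check whether a file that carries an .ini name is really INI text or a PE image.

Added example for this thread, not code from the original post or from any of the
tools mentioned. The byte samples below are constructed for the demonstration.
Assumption behind the check: a genuine desktop.ini is a small text file (ANSI,
UTF-8 or UTF-16 with a byte-order mark) that opens with a section header such as
[.ShellClassInfo]; an executable under that name in a system directory is something
to escalate, whatever the AV called it.
"""
import struct
from pathlib import Path


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # PE header offset lives at 0x3C in the DOS header
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def decode_text(data: bytes) -> str:
    """Decode honouring the byte-order marks Windows writes for desktop.ini files."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le", "ignore")
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    return data.decode("utf-8", "ignore")


def classify_ini_bytes(data: bytes) -> str:
    """Return 'pe-image', 'ini-text' or 'unknown' for the contents of a supposed .ini file."""
    if looks_like_pe(data):
        return "pe-image"
    if decode_text(data).lstrip().startswith("["):
        return "ini-text"
    return "unknown"


def classify_ini_file(path: str) -> str:
    """Read a file from disk and classify it (prefer an offline copy; see the note below)."""
    return classify_ini_bytes(Path(path).read_bytes())


# Constructed samples, not bytes taken from the infected machine:
SAMPLE_PE = (b"MZ" + b"\0" * (0x3C - 2)              # DOS header up to the e_lfanew field
             + (0x40).to_bytes(4, "little")          # e_lfanew = 0x40
             + b"PE\0\0" + b"\0" * 20)               # PE signature followed by a stub of header
SAMPLE_INI_UTF16 = b"\xff\xfe" + "[.ShellClassInfo]\r\nIconResource=shell32.dll,3\r\n".encode("utf-16-le")
SAMPLE_INI_ANSI = b"[.ShellClassInfo]\r\nLocalizedResourceName=@shell32.dll,-21770\r\n"

if __name__ == "__main__":
    for label, blob in (("pe", SAMPLE_PE), ("utf16 ini", SAMPLE_INI_UTF16), ("ansi ini", SAMPLE_INI_ANSI)):
        print(f"{label}: {classify_ini_bytes(blob)}")
```

On the machine itself, classify_ini_file(r"C:\windows\assembly\GAC_64\desktop.ini") needs an elevated prompt, and a rootkit that filters file-system calls can lie to anything running inside the infected OS; a copy read from rescue media or an offline mount of the disk is the trustworthy input.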

#2 HelpBot

Posted 10 August 2012 - 11:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

Click this link: http://www.bleepingcomputer.com/logreply/464052



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bloopie (Malware Response Team)

Posted 11 August 2012 - 04:26 PM

Hello cookiemonster1,

My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Please copy and paste all logs here, do not attach unless instructed.
  • If you have no internet, you can use a flashdrive to download the tools onto. Then run them on the infected machine and save the logs, then copy and paste the logs here from another computer.

==========

First, a warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do!

If you would still like to continue with the cleaning process anyway, then please read on:

==========

Step 1:
I need to see some information about what is happening on your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results. And attach.txt will be minimized.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

Step 2:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

==========

Step 3:
Please also post the MBAM log from when you say you were infected:

  • Start Malwarebytes.
  • Click on the Logs tab
  • Find the log with the most recent date. Open (double-click) it, then copy and paste the log here!

==========

What I would like to see in your next reply!

  • The DDS log
  • The minimized attach.txt from the DDS scan
  • The aswMBR log
  • The old Malwarebytes log
bloopie

Edited by bloopie, 11 August 2012 - 05:39 PM.
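For readers working through a DDS log like the one bloopie asks for, here is an added example that does the mechanical part of the first pass: which auto-start services are not running, which running processes live outside the Windows and Program Files trees, and which services look like remote-control software. It is editor's Python, not from the DDS tool or from any post in this thread. The log excerpt inside the script is constructed in DDS format, modelled on the log posted later in this thread with the user name replaced, and the parsing assumptions (R/S meaning running/stopped, the digit being the start type) are spelled out in the module docstring.

```python
"""Mechanical first pass over a DDS log.

Added example for this thread; not part of the DDS tool or of any post. SAMPLE_DDS is
constructed in DDS format, modelled on the log posted in the thread with the user name
replaced. DDS conventions assumed here: a service line reads
"<R|S><start type> name;display name;path [date size]", where R/S means running/stopped
and the start type digit is 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
"""
import re
from typing import Dict, List

SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
C:\windows\SysWOW64\cscript.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-20 210584]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-20 249936]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
EXE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
REMOTE_ACCESS_HINTS = ("vnc", "remote")   # assumption: keywords worth grepping for, not a complete list


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of a DDS log under their '=== heading ===' banners."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_services(log_text: str) -> List[dict]:
    """Parse the SERVICES / DRIVERS section into dicts: name, display, path, running, start."""
    services = []
    for line in split_sections(log_text).get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        path = rest.split(" --> ")[0]                        # DDS echoes an unresolved path after '-->'
        path = re.sub(r"\s*\[[^\]]*\]\s*$", "", path)         # drop the trailing '[date size]' or '[?]'
        services.append({"name": name, "display": display, "path": path,
                         "running": state == "R", "start": START_TYPES[int(start)]})
    return services


def stopped_autostart(services: List[dict]) -> List[str]:
    """Services set to start at boot/system/auto that are not running: the log-side view of
    'I cannot enable the firewall'. Updaters and NGEN stop when idle, so apply judgement."""
    return [s["name"] for s in services
            if not s["running"] and s["start"] in ("boot", "system", "auto")]


def processes_outside_system_roots(log_text: str) -> List[str]:
    """Running executables outside C:\\Windows and the Program Files trees, i.e. in
    user-writable places such as a profile's Startup folder: review, do not assume malice."""
    flagged = []
    for line in split_sections(log_text).get("Running Processes", []):
        m = EXE_RE.match(line)
        exe = m.group(1) if m else line
        if not exe.lower().startswith(SYSTEM_ROOTS):
            flagged.append(exe)
    return flagged


def remote_access_services(services: List[dict]) -> List[tuple]:
    """(name, running) for services whose name or display name suggests remote-control software."""
    return [(s["name"], s["running"]) for s in services
            if any(h in (s["name"] + " " + s["display"]).lower() for h in REMOTE_ACCESS_HINTS)]


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_DDS)
    print("auto-start but stopped:", stopped_autostart(svcs))
    print("outside system roots:", processes_outside_system_roots(SAMPLE_DDS))
    print("remote access:", remote_access_services(svcs))
```

On the constructed sample this reports McMPFSvc (the McAfee firewall service) as auto-start but stopped, which is what "cannot enable McAfee's firewall" looks like from the log side, and lists the Startup-folder executable and the VNC server for review. None of that is a verdict; it is the set of lines to read first, and a legitimate VNC server still widens the exposure bloopie's backdoor warning is about.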


#4 cookiemonster1 (Topic Starter)

Posted 15 August 2012 - 04:09 AM

Hi bloopie,

First a big thanks for your response & help.

Though I didn't order the Windows DVD separately, I had created recovery DVDs immediately after I purchased the laptop. So I guess I can still recover.

But let's proceed with the cleaning process for now.

Below are the logs requested,

1. The DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Muthu Kumaran at 20:11:45 on 2012-08-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2886 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622233102.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Muthu Kumaran\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: Interfaces\{896D31C4-E9F6-4F13-89B7-EDA41BCE9642} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8BC08C1-2C3F-40D7-BC08-FD32C0C59F74} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8BC08C1-2C3F-40D7-BC08-FD32C0C59F74}\3496D6D656279616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B8BC08C1-2C3F-40D7-BC08-FD32C0C59F74}\5562D454D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B8BC08C1-2C3F-40D7-BC08-FD32C0C59F74}\C4964747C65635861627B6D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622233102.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Muthu Kumaran\AppData\Roaming\Mozilla\Firefox\Profiles\12gmi3xt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Muthu Kumaran\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Muthu Kumaran\AppData\Roaming\Mozilla\Firefox\Profiles\12gmi3xt.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Users\Muthu Kumaran\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Muthu Kumaran\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vflt;Shrew Soft Lightweight Filter;C:\windows\system32\DRIVERS\vfilter.sys --> C:\windows\system32\DRIVERS\vfilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-20 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-20 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-20 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-20 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-20 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-6-23 131512]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2011-3-24 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-24 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-20 249936]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NMgamingmsFltr;USB Optical Mouse;C:\windows\system32\drivers\NMgamingms.sys --> C:\windows\system32\drivers\NMgamingms.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-24 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\windows\system32\DRIVERS\virtualnet.sys --> C:\windows\system32\DRIVERS\virtualnet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-05 19:36:02 -------- d-----w- C:\Users\Muthu Kumaran\AppData\Roaming\SUPERAntiSpyware.com
2012-08-05 19:35:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-05 19:35:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-05 10:15:24 16200 ----a-w- C:\windows\stinger.sys
2012-08-05 08:08:45 27256 ----a-w- C:\windows\System32\drivers\FixZeroAccess.sys
2012-08-05 07:40:11 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-05 02:40:39 -------- d-----w- C:\Users\Muthu Kumaran\AppData\Roaming\Malwarebytes
2012-08-05 02:40:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-05 02:40:09 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-05 02:40:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-05 02:33:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 21:16:54 -------- d-----w- C:\Program Files (x86)\stinger
2012-08-02 00:39:41 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69D337CC-0BA6-4A68-AD18-B02713FEB4D4}\mpengine.dll
2012-08-01 03:47:56 -------- d-----w- C:\Users\Muthu Kumaran\AppData\Local\RealNetworks
2012-07-31 22:52:06 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 00:51:58 998720 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe
.
==================== Find3M ====================
.
2012-06-12 03:08:36 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-05 18:12:07 60304 ----a-w- C:\Users\Muthu Kumaran\g2mdlhlpx.exe
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-19 17:56:30 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-05-19 17:56:30 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
.
============= FINISH: 20:18:41.22 ===============


==========

2. The minimized attach.txt from the DDS scan:

Please find it attached as instructed on screen by the tool.

==========

3. The aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 20:39:01
-----------------------------
20:39:01.713 OS Version: Windows x64 6.1.7601 Service Pack 1
20:39:01.713 Number of processors: 4 586 0x2505
20:39:01.713 ComputerName: BOBBYMUTHU-PC UserName: Muthu Kumaran
20:39:02.852 Initialize success
20:40:07.713 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:40:07.713 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
20:40:07.744 Disk 0 MBR read successfully
20:40:07.744 Disk 0 MBR scan
20:40:07.744 Disk 0 Windows VISTA default MBR code
20:40:07.760 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:40:07.775 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463437 MB offset 3074048
20:40:07.806 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12002 MB offset 952193024
20:40:07.853 Disk 0 scanning C:\windows\system32\drivers
20:40:14.639 Service scanning
20:40:36.479 Modules scanning
20:40:36.479 Disk 0 trace - called modules:
20:40:36.510 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:40:36.510 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d0e060]
20:40:36.526 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e6050]
20:40:36.526 Scan finished successfully
20:42:17.692 Disk 0 MBR has been saved successfully to "C:\Users\Muthu Kumaran\Desktop\MBR.dat"
20:42:17.692 The log file has been saved successfully to "C:\Users\Muthu Kumaran\Desktop\aswMBR.txt"


==========

4. The old Malwarebytes log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Muthu Kumaran :: BOBBYMUTHU-PC [administrator]

8/4/2012 7:43:25 PM
mbam-log-2012-08-04 (19-43-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 214071
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Muthu Kumaran\AppData\Local\Temp\0.7530654541107465 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)


==========

5. In addition, below are the logs from RogueKiller (by Tigzy) which I used to find & partially delete the infection (deleted a few registry entries & files).

Log from the first & second run (found issues on scanning again):

First run :


RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Muthu Kumaran [Admin rights]
Mode: Scan -- Date: 08/05/2012 02:28:47

Bad processes: 0

Registry Entries: 5
[SUSP PATH] HKCU\[...]\Run : RealNetworks (Rundll32.exe "C:\Users\Muthu Kumaran\AppData\Local\RealNetworks\dbcowfgt.dll",DllCanUnloadNow) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-858260106-1723179720-3785742293-1000[...]\Run : RealNetworks (Rundll32.exe "C:\Users\Muthu Kumaran\AppData\Local\RealNetworks\dbcowfgt.dll",DllCanUnloadNow) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Muthu Kumaran\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\muthu kumaran\appdata\local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\muthu kumaran\appdata\local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\muthu kumaran\appdata\local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

Driver: [NOT LOADED]

Infection : ZeroAccess

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] b7d11a1870b3dc51431c147d5ab73ccc
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15372 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt




Second run :

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Muthu Kumaran [Admin rights]
Mode: Remove -- Date: 08/05/2012 02:31:49

Bad processes: 0

Registry Entries: 4
[SUSP PATH] HKCU\[...]\Run : RealNetworks (Rundll32.exe "C:\Users\Muthu Kumaran\AppData\Local\RealNetworks\dbcowfgt.dll",DllCanUnloadNow) -> DELETED
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Muthu Kumaran\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FILE] @ : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\muthu kumaran\appdata\local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\muthu kumaran\appdata\local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\muthu kumaran\appdata\local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED

Driver: [NOT LOADED]

Infection : ZeroAccess

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] b7d11a1870b3dc51431c147d5ab73ccc
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15372 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Since it was not fully removed, I notice that after restarting Windows & running the scan again it does find a bad (backdoor?) process. Below is one such log of the run after restarting:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Muthu Kumaran [Admin rights]
Mode: Scan -- Date: 08/05/2012 11:55:25

Bad processes: 1
[SUSP PATH] Update Tool Notifier.exe -- C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe -> KILLED [TermProc]

Registry Entries: 0

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] b7d11a1870b3dc51431c147d5ab73ccc
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15372 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


Thanks
Bharri
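The RogueKiller reports above are the kind of thing a responder ends up triaging by hand across several runs: which artifacts were remediated, which are still only FOUND, and which startup entries keep reappearing. As an added example (not code from the original post and not part of RogueKiller), here is a small Python parser that reads report lines in that format, pulls out the flagged path and the action taken (FOUND, REMOVED, REPLACED, KILLED), and applies its own path-based check for the ZeroAccess artifact layout the reports show: `{GUID}\@`, `\U`, `\L` and `\n` under `\Windows\Installer` or `%LOCALAPPDATA%`, and a `desktop.ini` planted in `\Windows\assembly\GAC_32` or `GAC_64`. The sample report embedded in the block is constructed from lines of the logs above; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied in shape from the RogueKiller reports posted
# above (one process, three registry entries, four files), mixed so that some
# artifacts are already remediated and one is still only FOUND.
SAMPLE_REPORT = r"""
Bad processes: 1
[SUSP PATH] Update Tool Notifier.exe -- C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe -> KILLED [TermProc]

Registry Entries: 3
[SUSP PATH] HKCU\[...]\Run : RealNetworks (Rundll32.exe "C:\Users\Muthu Kumaran\AppData\Local\RealNetworks\dbcowfgt.dll",DllCanUnloadNow) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Muthu Kumaran\AppData\Local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FILE] @ : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{d0d044e9-7abb-0899-018b-0676cf8a906a}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\muthu kumaran\appdata\local\{d0d044e9-7abb-0899-018b-0676cf8a906a}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED
"""

# One report line: "[TAG][TAG] <body> -> ACTION" or "... --> ACTION", optionally
# followed by a bracketed or parenthesised detail such as "[TermProc]" or "(0)".
LINE_RE = re.compile(
    r"^\[(?P<tags>[^\]]+(?:\]\[[^\]]+)*)\]\s+(?P<body>.*?)\s+-{1,2}>\s+(?P<action>[A-Z]+)"
    r"(?:\s+(?:\[[^\]]*\]|\([^)]*\)))?\s*$"
)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\)\n]+')   # first drive-letter path in the body
GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)


@dataclass
class Indicator:
    tags: List[str]        # e.g. ["ZeroAccess", "FILE"] or ["SUSP PATH"]
    body: str              # everything between the tags and the arrow
    path: Optional[str]    # the flagged file / registry-target path, if any
    action: str            # FOUND, DELETED, REMOVED, REPLACED, KILLED ...


def parse_report(text: str) -> List[Indicator]:
    """Return one Indicator per flagged line; headers and blank lines are skipped."""
    items: List[Indicator] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pm = PATH_RE.search(m.group("body"))
        items.append(Indicator(tags=m.group("tags").split("]["),
                               body=m.group("body"),
                               path=pm.group(0) if pm else None,
                               action=m.group("action")))
    return items


def looks_like_zeroaccess(path: Optional[str]) -> bool:
    """Path-based check for the artifact layout shown in the reports above,
    applied independently of the tag the tool itself attached."""
    if not path:
        return False
    # The InprocServer32 target in the log ends in "\n." so strip the trailing dot.
    parts = path.lower().rstrip(".").split("\\")
    if len(parts) >= 3 and GUID_RE.fullmatch(parts[-2]) and parts[-1] in {"@", "u", "l", "n"}:
        parent = "\\".join(parts[:-2])
        if parent.endswith("\\installer") or "\\appdata\\local" in parent:
            return True
    if (len(parts) >= 3 and parts[-1] == "desktop.ini"
            and parts[-3] == "assembly" and parts[-2] in {"gac_32", "gac_64"}):
        return True
    return False


def triage(text: str) -> Dict[str, object]:
    """Split a report into what was remediated, what is still only FOUND, and
    which persistence entries (SUSP PATH) the run flagged."""
    items = parse_report(text)
    za = [i for i in items if looks_like_zeroaccess(i.path)]
    return {
        "indicators": len(items),
        "zeroaccess_by_path": len(za),
        "zeroaccess_by_tag": sum("ZeroAccess" in i.tags for i in items),
        "outstanding": [i.path for i in za if i.action == "FOUND"],
        "remediated": [i.path for i in za if i.action != "FOUND"],
        "persistence": [i.path for i in items if "SUSP PATH" in i.tags],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Running `triage(SAMPLE_REPORT)` separates the artifacts a run already remediated from the ones still reported FOUND, which is the question the second and later runs above are trying to answer. Anything still FOUND after a reboot, or a `[SUSP PATH]` startup entry that comes back after being killed (as the Update Tool Notifier.exe entry does here), is worth a closer look before the machine is declared clean.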

#5 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 15 August 2012 - 06:15 PM

Hello again,

First a big thanks for your response & help.

It's my pleasure! :thumbup2:

You most certainly were infected with ZeroAccess, and it seems now the infection has been severely crippled, if not gone entirely. This rootkit can cause unknown damage to the operating system, which is why we suggest a reformat/reinstall to be sure your system is 100% safe again.

Even though MSSE has been disabled, I still must mention this:

:step1: Multiple Antivirus Warning
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or Microsoft Security Essentials.

==========

Since you mention you still have internet issues, I'd like to dig for leftovers with the following:

:step2: Run Combofix

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Once done with the above, check your internet again!

==========

Please post the Combofix.txt in your next reply!

bloopie

#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 18 August 2012 - 10:28 AM

Hello again,

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#7 cookiemonster1

cookiemonster1
  • Topic Starter

  • Members
  • 9 posts

Posted 19 August 2012 - 03:49 PM

Sorry for the delayed response & thanks for the follow-up.

I ran ComboFix as per your instructions. The first time I ran it, after it completed (50 stages) it proceeded to restart the machine. After the restart it showed a message saying that the log is being prepared. After about an hour & a half or so, when I tried launching the process manager to see if it's running, I got the message "Illegal operation attempted on a registry key that has been marked for deletion.". So I restarted the machine as instructed.

On restart I found the file 'C:\Combofix.txt' as mentioned. On opening it I noticed my mistake in that the McAfee firewall was still on. So I proceeded to turn it off & then ran ComboFix again. I had also copied the Combofix.txt to a directory & have pasted it here below.

On the second run, as before, after it completed 50 stages, it proceeded to restart & showed the message saying the log is being prepared. As it was late in the night I left it running. In the morning, I saw that it was still running & after about an hour or so it generated & popped up a file named 'log.txt'. I have pasted it here below.

Once this was done I restarted my laptop & ran RogueKiller again before connecting to the internet. I noticed that it still mentioned the Bad Process (Update Tool Notifier.exe) after killing it. I have pasted the RogueKiller log here below. Then, on enabling the wireless I was able to connect to the internet (sending this reply through my laptop).

C:\Combofix.txt
===============

ComboFix 12-08-18.03 - Muthu Kumaran 08/19/2012 2:12:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2396 [GMT -7:00]
Running from: E:\bleepingcomputer\MORE\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\Users\Muthu Kumaran\g2mdlhlpx.exe


((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))


2012-08-19 09:20:15 . 2012-08-19 09:20:15 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-05 19:36:02 . 2012-08-05 19:36:02 -------- d-----w- C:\Users\Muthu Kumaran\AppData\Roaming\SUPERAntiSpyware.com
2012-08-05 19:35:57 . 2012-08-05 19:36:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-05 19:35:57 . 2012-08-05 19:35:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-05 10:15:24 . 2012-08-12 07:49:30 16200 ----a-w- C:\windows\stinger.sys
2012-08-05 08:08:45 . 2012-08-05 08:11:42 27256 ----a-w- C:\windows\system32\drivers\FixZeroAccess.sys
2012-08-05 07:40:11 . 2012-08-05 07:40:11 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-05 02:40:39 . 2012-08-05 02:40:39 -------- d-----w- C:\Users\Muthu Kumaran\AppData\Roaming\Malwarebytes
2012-08-05 02:40:10 . 2012-08-05 02:40:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-05 02:40:09 . 2012-07-03 20:46:44 24904 ----a-w- C:\windows\system32\drivers\mbam.sys
2012-08-05 02:40:08 . 2012-08-05 02:40:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-05 02:33:01 . 2012-08-05 04:55:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 21:16:54 . 2012-08-12 07:52:07 -------- d-----w- C:\Program Files (x86)\stinger
2012-08-02 00:39:41 . 2012-06-29 10:04:29 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69D337CC-0BA6-4A68-AD18-B02713FEB4D4}\mpengine.dll
2012-08-01 03:47:56 . 2012-08-01 16:28:33 -------- d-----w- C:\Users\Muthu Kumaran\AppData\Local\RealNetworks
2012-07-31 22:52:06 . 2012-06-29 10:04:29 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-31 00:51:58 . 2012-07-31 00:51:58 998720 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe
2012-07-12 06:52:50 . 2011-04-17 05:45:17 59701280 ----a-w- C:\windows\system32\MRT.exe
2012-06-12 03:08:36 . 2012-07-12 06:56:21 3148800 ----a-w- C:\windows\system32\win32k.sys
2012-06-09 05:43:10 . 2012-07-11 19:01:29 14172672 ----a-w- C:\windows\system32\shell32.dll
2012-06-06 06:06:16 . 2012-07-11 19:01:34 2004480 ----a-w- C:\windows\system32\msxml6.dll
2012-06-06 06:06:16 . 2012-07-11 19:01:33 1881600 ----a-w- C:\windows\system32\msxml3.dll
2012-06-06 06:02:54 . 2012-07-11 19:01:10 1133568 ----a-w- C:\windows\system32\cdosys.dll
2012-06-06 05:05:52 . 2012-07-11 19:01:33 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 . 2012-07-11 19:01:31 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 . 2012-07-11 19:01:14 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:19:46 . 2012-06-22 15:45:04 38424 ----a-w- C:\windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-22 15:45:32 2428952 ----a-w- C:\windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-22 15:45:33 57880 ----a-w- C:\windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-22 15:45:33 44056 ----a-w- C:\windows\system32\wups2.dll
2012-06-02 22:19:42 . 2012-06-22 15:44:39 186752 ----a-w- C:\windows\system32\wuwebv.dll
2012-06-02 22:19:23 . 2012-06-22 15:45:03 701976 ----a-w- C:\windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-06-22 15:45:32 2622464 ----a-w- C:\windows\system32\wucltux.dll
2012-06-02 22:15:12 . 2012-06-22 15:44:39 36864 ----a-w- C:\windows\system32\wuapp.exe
2012-06-02 22:15:08 . 2012-06-22 15:45:04 99840 ----a-w- C:\windows\system32\wudriver.dll
2012-06-02 12:49:39 . 2012-07-12 06:51:53 17807360 ----a-w- C:\windows\system32\mshtml.dll
2012-06-02 12:17:39 . 2012-07-12 06:51:52 10924032 ----a-w- C:\windows\system32\ieframe.dll
2012-06-02 12:12:17 . 2012-07-12 06:51:56 2311680 ----a-w- C:\windows\system32\jscript9.dll
2012-06-02 12:05:54 . 2012-07-12 06:51:59 1346048 ----a-w- C:\windows\system32\urlmon.dll
2012-06-02 12:05:28 . 2012-07-12 06:51:57 1392128 ----a-w- C:\windows\system32\wininet.dll
2012-06-02 12:04:50 . 2012-07-12 06:51:56 1494528 ----a-w- C:\windows\system32\inetcpl.cpl
2012-06-02 12:04:25 . 2012-07-12 06:51:59 237056 ----a-w- C:\windows\system32\url.dll
2012-06-02 12:03:00 . 2012-07-12 06:51:57 85504 ----a-w- C:\windows\system32\jsproxy.dll
2012-06-02 12:01:40 . 2012-07-12 06:51:57 173056 ----a-w- C:\windows\system32\ieUnatt.exe
2012-06-02 12:00:33 . 2012-07-12 06:51:55 818688 ----a-w- C:\windows\system32\jscript.dll
2012-06-02 11:59:47 . 2012-07-12 06:51:59 2144768 ----a-w- C:\windows\system32\iertutil.dll
2012-06-02 11:57:36 . 2012-07-12 06:52:00 96768 ----a-w- C:\windows\system32\mshtmled.dll
2012-06-02 11:57:08 . 2012-07-12 06:52:01 2382848 ----a-w- C:\windows\system32\mshtml.tlb
2012-06-02 11:54:06 . 2012-07-12 06:51:58 248320 ----a-w- C:\windows\system32\ieui.dll
2012-06-02 08:33:25 . 2012-07-12 06:51:56 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 . 2012-07-12 06:51:57 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 . 2012-07-12 06:51:56 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 . 2012-07-12 06:51:57 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 . 2012-07-12 06:52:01 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 . 2012-07-11 19:01:23 458704 ----a-w- C:\windows\system32\drivers\cng.sys
2012-06-02 05:48:16 . 2012-07-11 19:01:23 151920 ----a-w- C:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48:16 . 2012-07-11 19:01:21 95600 ----a-w- C:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45:31 . 2012-07-11 19:01:23 340992 ----a-w- C:\windows\system32\schannel.dll
2012-06-02 05:44:21 . 2012-07-11 19:01:23 307200 ----a-w- C:\windows\system32\ncrypt.dll
2012-06-02 04:40:42 . 2012-07-11 19:01:21 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 . 2012-07-11 19:01:22 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 . 2012-07-11 19:01:22 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 . 2012-07-11 19:01:20 96768 ----a-w- C:\windows\SysWow64\sspicli.dll


((((((((((((((((((((((((((((( SnapShot@2012-08-19_07.46.18 )))))))))))))))))))))))))))))))))))))))))

+ 2012-08-19 09:20:22 . 2012-08-19 09:20:22 13384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-19 07:45:08 . 2012-08-19 07:45:08 13384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-10-15 03:20:58 . 2012-08-19 09:22:50 62762 C:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-08-19 09:22:51 40526 C:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-17 05:54:16 . 2012-08-19 09:22:51 18030 C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-858260106-1723179720-3785742293-1000_UserData.bin
+ 2011-04-17 02:54:24 . 2012-08-19 09:06:58 32768 C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-17 02:54:24 . 2012-08-19 02:46:14 32768 C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-17 02:54:24 . 2012-08-19 09:06:58 32768 C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-17 02:54:24 . 2012-08-19 02:46:14 32768 C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54:19 . 2012-08-19 09:06:58 16384 C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54:19 . 2012-08-19 02:46:14 16384 C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-02 08:31:24 . 2012-08-19 09:06:17 3266 C:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-19 07:45:46 . 2012-08-19 07:45:46 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 09:20:57 . 2012-08-19 09:20:57 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 09:20:57 . 2012-08-19 09:20:57 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-19 07:45:46 . 2012-08-19 07:45:46 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01:48 . 2012-08-19 09:20:22 324172 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01:48 . 2012-08-19 07:45:06 324172 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-17 10:02:27 . 2012-08-19 09:20:22 1986668 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-858260106-1723179720-3785742293-1000-8192.dat
- 2011-04-17 10:02:27 . 2012-08-19 07:45:07 1986668 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-858260106-1723179720-3785742293-1000-8192.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 04:04:10 39408]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 23:38:43 5661056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 18:07:56 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 21:02:04 254696]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-03-22 04:18:44 1675160]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-19 17:56:32 296056]

C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Update Tool Notifier.exe [2011-10-27 145552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04:15 136176]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04:15 136176]
R3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys [2012-02-22 20:29:46 100912]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 03:44:12 98688]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-27 01:49:56 291696]
R3 NMgamingmsFltr;USB Optical Mouse;C:\windows\system32\drivers\NMgamingms.sys [2009-07-24 15:55:10 11264]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 04:34:24 4925184]
R3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 16:21:50 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 00:44:48 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 00:57:42 835952]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-07-08 13:28:56 815704]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 01:38:56 51712]
R3 vnet;Shrew Soft Virtual Adapter;C:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 07:18:46 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2011-04-17 05:58:29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 01:10:10 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys [2012-02-22 20:29:46 289664]
S1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 20:29:46 75936]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S1 vflt;Shrew Soft Lightweight Filter;C:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 07:18:46 21504]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 22:22:40 822624]
S2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 05:18:46 56592]
S2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe [2010-10-08 05:18:44 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 05:18:46 697616]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 01:28:20 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 01:28:20 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 01:28:20 249936]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 19:56:24 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe [2012-03-20 20:11:30 162192]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-06-23 20:28:19 131512]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2009-08-24 22:49:41 126392]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 16:30:18 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-02-26 02:00:32 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 02:15:22 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 19:57:02 2320920]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys [2012-02-22 20:29:46 65264]
S3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 20:54:54 56344]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 14:32:14 158976]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 17:24:56 169584]
S3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys [2012-02-22 20:29:46 487296]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 00:06:38 35008]
S3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 20:58:50 12800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 04:57:22 239136]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 10:32:20 932384]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 16:30:10 764264]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 16:30:18 268648]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 16:30:18 25960]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 16:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 16:30:22 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2012-08-19 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04:18 . 2010-10-15 04:04:15]

2012-08-19 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04:18 . 2010-10-15 04:04:15]

2012-08-11 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858260106-1723179720-3785742293-1000Core.job
- C:\Users\Muthu Kumaran\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 18:57:57 . 2011-06-02 17:15:01]

2012-08-19 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858260106-1723179720-3785742293-1000UA.job
- C:\Users\Muthu Kumaran\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 18:57:57 . 2011-06-02 17:15:01]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"(Default)"="" [BU]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2010-08-10 19:14:40 161304]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2010-08-10 19:14:26 386584]
"Persistence"="C:\windows\system32\igfxpers.exe" [2010-08-10 19:14:34 415256]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 22:43:30 520760]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 18:31:40 307768]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 21:31:34 24376]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 00:45:06 709976]
"TosNC"="C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-03-27 01:54:34 1271168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0


Combofix log
============

ComboFix 12-08-18.03 - Muthu Kumaran 08/19/2012 2:53.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2638 [GMT -7:00]
Running from: e:\bleepingcomputer\MORE\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 09:59 . 2012-08-19 09:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 19:36 . 2012-08-05 19:36 -------- d-----w- c:\users\Muthu Kumaran\AppData\Roaming\SUPERAntiSpyware.com
2012-08-05 19:35 . 2012-08-05 19:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-05 19:35 . 2012-08-05 19:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-05 10:15 . 2012-08-12 07:49 16200 ----a-w- c:\windows\stinger.sys
2012-08-05 08:08 . 2012-08-05 08:11 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-08-05 07:40 . 2012-08-05 07:40 -------- d-----w- c:\programdata\HitmanPro
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\users\Muthu Kumaran\AppData\Roaming\Malwarebytes
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\programdata\Malwarebytes
2012-08-05 02:40 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-05 02:33 . 2012-08-05 04:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 21:16 . 2012-08-12 07:52 -------- d-----w- c:\program files (x86)\stinger
2012-08-02 00:39 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69D337CC-0BA6-4A68-AD18-B02713FEB4D4}\mpengine.dll
2012-08-01 03:47 . 2012-08-01 16:28 -------- d-----w- c:\users\Muthu Kumaran\AppData\Local\RealNetworks
2012-07-31 22:52 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 00:51 . 2012-07-31 00:51 998720 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:52 . 2011-04-17 05:45 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 06:56 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 19:01 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:01 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:01 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:01 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:01 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:01 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:01 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 15:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 15:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 15:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 15:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 15:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 15:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 15:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 15:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 15:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-12 06:51 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 06:51 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 06:51 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 06:51 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 06:51 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 06:51 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 06:51 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 06:51 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 06:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 06:51 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 06:51 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 06:52 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 06:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 06:51 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 06:51 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 06:51 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 06:51 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 06:51 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 06:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 19:01 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:01 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 19:01 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 19:01 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:01 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 19:01 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:01 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:01 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:01 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-19_07.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-19 09:59 . 2012-08-19 09:59 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-19 07:45 . 2012-08-19 07:45 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-10-15 03:20 . 2012-08-19 10:01 63158 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-19 10:01 40558 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-17 05:54 . 2012-08-19 10:01 18094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-858260106-1723179720-3785742293-1000_UserData.bin
+ 2011-04-17 02:54 . 2012-08-19 09:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-17 02:54 . 2012-08-19 02:46 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-17 02:54 . 2012-08-19 09:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-17 02:54 . 2012-08-19 02:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-19 09:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-19 02:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-02 08:31 . 2012-08-19 09:42 3266 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-19 07:45 . 2012-08-19 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 09:59 . 2012-08-19 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 09:59 . 2012-08-19 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-19 07:45 . 2012-08-19 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-08-19 09:59 324172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-19 07:45 324172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-17 10:02 . 2012-08-19 09:59 1986668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-858260106-1723179720-3785742293-1000-8192.dat
- 2011-04-17 10:02 . 2012-08-19 07:45 1986668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-858260106-1723179720-3785742293-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-19 296056]
.
c:\users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Update Tool Notifier.exe [2011-10-27 145552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-06-23 131512]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858260106-1723179720-3785742293-1000Core.job
- c:\users\Muthu Kumaran\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 17:15]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858260106-1723179720-3785742293-1000UA.job
- c:\users\Muthu Kumaran\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 17:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"(Default)"="" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Muthu Kumaran\AppData\Roaming\Mozilla\Firefox\Profiles\12gmi3xt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-08-19 10:51:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 17:51
.
Pre-Run: 401,741,258,752 bytes free
Post-Run: 401,290,866,688 bytes free
.
- - End Of File - - 29FB36D43F77DE70D235C4EEF8E6697F


RogueKiller Report
==================

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Muthu Kumaran [Admin rights]
Mode: Scan -- Date: 08/19/2012 11:37:56

Bad processes: 1
[SUSP PATH] Update Tool Notifier.exe -- C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe -> KILLED [TermProc]

Registry Entries: 0

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] b7d11a1870b3dc51431c147d5ab73ccc
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15372 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[20].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;
RKreport[1].txt ; RKreport[20].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

#8 bloopie

bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 19 August 2012 - 04:11 PM

Hi again,

Combofix has removed a bad service, however you still have two antivirus programs running! Could you please remove one as mentioned in post #5 of this thread?

==========

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

==========

After posting the log from TDSSKiller, let me know how the computer is running now.

bloopie

Edited by bloopie, 19 August 2012 - 04:13 PM.


#9 cookiemonster1

cookiemonster1
  • Topic Starter

  • Members
  • 9 posts

Posted 20 August 2012 - 01:43 AM

Hi Bloopie,

After my post I also updated & ran Malwarebytes Anti-Malware. It detected two 'bad files'. I have pasted the mbam log from the run below.

After reading your post, as per the instructions I have removed Microsoft Security Essentials. I also downloaded & ran TDSSKiller which did not detect any malicious objects.

However after I restarted my PC & ran RogueKiller again (after updating it) it still keeps showing the 'bad process'.

I have pasted the TDSSKiller log & RogueKiller report below for your reference.

mbam log
========


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Muthu Kumaran :: BOBBYMUTHU-PC [administrator]

8/19/2012 2:59:21 PM
mbam-log-2012-08-19 (14-59-21).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 402222
Time elapsed: 1 hour(s), 34 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Muthu Kumaran\Desktop\RK_Quarantine\dbcowfgt.dll.vir (Spyware.Password) -> No action taken.
C:\Users\Muthu Kumaran\AppData\Local\RealNetworks\dbcowfgt.dll (Spyware.Password) -> Quarantined and deleted successfully.

(end)



TDSSKiller log
===============

17:26:17.0215 5536 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
17:26:19.0227 5536 ============================================================
17:26:19.0227 5536 Current date / time: 2012/08/19 17:26:19.0227
17:26:19.0227 5536 SystemInfo:
17:26:19.0227 5536
17:26:19.0227 5536 OS Version: 6.1.7601 ServicePack: 1.0
17:26:19.0227 5536 Product type: Workstation
17:26:19.0227 5536 ComputerName: BOBBYMUTHU-PC
17:26:19.0227 5536 UserName: Muthu Kumaran
17:26:19.0227 5536 Windows directory: C:\windows
17:26:19.0227 5536 System windows directory: C:\windows
17:26:19.0227 5536 Running under WOW64
17:26:19.0227 5536 Processor architecture: Intel x64
17:26:19.0227 5536 Number of processors: 4
17:26:19.0227 5536 Page size: 0x1000
17:26:19.0227 5536 Boot type: Normal boot
17:26:19.0227 5536 ============================================================
17:26:19.0945 5536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:19.0945 5536 ============================================================
17:26:19.0945 5536 \Device\Harddisk0\DR0:
17:26:19.0945 5536 MBR partitions:
17:26:19.0945 5536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38926800
17:26:19.0945 5536 ============================================================
17:26:19.0976 5536 C: <-> \Device\Harddisk0\DR0\Partition1
17:26:19.0976 5536 ============================================================
17:26:19.0976 5536 Initialize success
17:26:19.0976 5536 ============================================================
17:26:28.0572 1756 ============================================================
17:26:28.0572 1756 Scan started
17:26:28.0572 1756 Mode: Manual;
17:26:28.0572 1756 ============================================================
17:26:40.0445 1756 Mcx2Svc - ok
17:26:40.0460 1756 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
17:26:40.0460 1756 megasas - ok
17:26:40.0476 1756 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
17:26:40.0491 1756 MegaSR - ok
17:26:40.0507 1756 [ 01884cb7655c8908b43ff5e364fe6fd2 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
17:26:40.0569 1756 mfeapfk - ok
17:26:40.0647 1756 [ dab9a9cdfb04e4d68924492aa043019d ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
17:26:40.0694 1756 mfeavfk - ok
17:26:40.0710 1756 mfeavfk01 - ok
17:26:40.0725 1756 [ b26782c3d6045b4464017d7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:26:40.0772 1756 mfefire - ok
17:26:40.0819 1756 [ ce9a3680675c0907ade16404ca967b49 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
17:26:40.0866 1756 mfefirek - ok
17:26:40.0944 1756 [ 60cf67458dd29cd17e77f2327b1a9a54 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
17:26:40.0991 1756 mfehidk - ok
17:26:41.0069 1756 [ a8129cfb919347f8533c934b365e9202 ] mfenlfk C:\windows\system32\DRIVERS\mfenlfk.sys
17:26:41.0115 1756 mfenlfk - ok
17:26:41.0162 1756 [ 5041fa2bd2b3a2693b015771bfbf6dca ] mferkdet C:\windows\system32\drivers\mferkdet.sys
17:26:41.0209 1756 mferkdet - ok
17:26:41.0256 1756 [ 723a5eb6cef7f408c3d0f15a82a6bff8 ] mfevtp C:\windows\system32\mfevtps.exe
17:26:41.0303 1756 mfevtp - ok
17:26:41.0349 1756 [ 919c56db14a0e1e2ab6da5d2821dc26e ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
17:26:41.0381 1756 mfewfpk - ok
17:26:41.0412 1756 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\windows\system32\mmcss.dll
17:26:41.0412 1756 MMCSS - ok
17:26:41.0427 1756 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\windows\system32\drivers\modem.sys
17:26:41.0427 1756 Modem - ok
17:26:41.0459 1756 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:26:41.0459 1756 monitor - ok
17:26:41.0474 1756 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:26:41.0490 1756 mouclass - ok
17:26:41.0505 1756 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:26:41.0521 1756 mouhid - ok
17:26:41.0537 1756 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:26:41.0583 1756 mountmgr - ok
17:26:41.0615 1756 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\windows\system32\drivers\mpio.sys
17:26:41.0646 1756 mpio - ok
17:26:41.0677 1756 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:26:41.0677 1756 mpsdrv - ok
17:26:41.0708 1756 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\windows\system32\mpssvc.dll
17:26:41.0739 1756 MpsSvc - ok
17:26:41.0771 1756 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:26:41.0817 1756 MRxDAV - ok
17:26:41.0833 1756 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:26:41.0880 1756 mrxsmb - ok
17:26:41.0911 1756 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:26:41.0958 1756 mrxsmb10 - ok
17:26:41.0973 1756 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:26:42.0020 1756 mrxsmb20 - ok
17:26:42.0036 1756 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\windows\system32\drivers\msahci.sys
17:26:42.0067 1756 msahci - ok
17:26:42.0098 1756 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:26:42.0145 1756 msdsm - ok
17:26:42.0161 1756 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\windows\System32\msdtc.exe
17:26:42.0176 1756 MSDTC - ok
17:26:42.0207 1756 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:26:42.0207 1756 Msfs - ok
17:26:42.0223 1756 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:26:42.0223 1756 mshidkmdf - ok
17:26:42.0239 1756 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:26:42.0239 1756 msisadrv - ok
17:26:42.0270 1756 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:26:42.0270 1756 MSiSCSI - ok
17:26:42.0285 1756 msiserver - ok
17:26:42.0301 1756 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:26:42.0301 1756 MSKSSRV - ok
17:26:42.0317 1756 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:26:42.0317 1756 MSPCLOCK - ok
17:26:42.0332 1756 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:26:42.0332 1756 MSPQM - ok
17:26:42.0379 1756 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:26:42.0410 1756 MsRPC - ok
17:26:42.0441 1756 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
17:26:42.0441 1756 mssmbios - ok
17:26:42.0457 1756 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:26:42.0457 1756 MSTEE - ok
17:26:42.0473 1756 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
17:26:42.0473 1756 MTConfig - ok
17:26:42.0488 1756 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\windows\system32\Drivers\mup.sys
17:26:42.0488 1756 Mup - ok
17:26:42.0535 1756 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\windows\system32\qagentRT.dll
17:26:42.0566 1756 napagent - ok
17:26:42.0675 1756 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:26:42.0675 1756 NativeWifiP - ok
17:26:42.0722 1756 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\windows\system32\drivers\ndis.sys
17:26:42.0722 1756 NDIS - ok
17:26:42.0753 1756 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:26:42.0753 1756 NdisCap - ok
17:26:42.0785 1756 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:26:42.0785 1756 NdisTapi - ok
17:26:42.0831 1756 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:26:42.0878 1756 Ndisuio - ok
17:26:42.0925 1756 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:26:42.0972 1756 NdisWan - ok
17:26:43.0003 1756 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:26:43.0034 1756 NDProxy - ok
17:26:43.0081 1756 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:26:43.0097 1756 NetBIOS - ok
17:26:43.0143 1756 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:26:43.0175 1756 NetBT - ok
17:26:43.0190 1756 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\windows\system32\lsass.exe
17:26:43.0237 1756 Netlogon - ok
17:26:43.0284 1756 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\windows\System32\netman.dll
17:26:43.0284 1756 Netman - ok
17:26:43.0315 1756 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\windows\System32\netprofm.dll
17:26:43.0315 1756 netprofm - ok
17:26:43.0362 1756 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:26:43.0377 1756 NetTcpPortSharing - ok
17:26:43.0393 1756 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
17:26:43.0409 1756 nfrd960 - ok
17:26:43.0424 1756 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
17:26:43.0455 1756 NlaSvc - ok
17:26:43.0487 1756 [ fbca3fd51604147770eb4fb53d6144a8 ] NMgamingmsFltr C:\windows\system32\drivers\NMgamingms.sys
17:26:43.0533 1756 NMgamingmsFltr - ok
17:26:43.0565 1756 Norton PC Checkup Application Launcher - ok
17:26:43.0596 1756 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:26:43.0611 1756 Npfs - ok
17:26:43.0627 1756 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\windows\system32\nsisvc.dll
17:26:43.0627 1756 nsi - ok
17:26:43.0643 1756 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:26:43.0658 1756 nsiproxy - ok
17:26:43.0705 1756 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:26:43.0752 1756 Ntfs - ok
17:26:43.0767 1756 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\windows\system32\drivers\Null.sys
17:26:43.0767 1756 Null - ok
17:26:43.0783 1756 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\windows\system32\drivers\nvraid.sys
17:26:43.0830 1756 nvraid - ok
17:26:43.0845 1756 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\windows\system32\drivers\nvstor.sys
17:26:43.0877 1756 nvstor - ok
17:26:43.0892 1756 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:26:43.0908 1756 nv_agp - ok
17:26:43.0970 1756 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:26:44.0017 1756 odserv - ok
17:26:44.0033 1756 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:26:44.0048 1756 ohci1394 - ok
17:26:44.0064 1756 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:44.0126 1756 ose - ok
17:26:44.0235 1756 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:26:44.0469 1756 osppsvc - ok
17:26:44.0516 1756 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:26:44.0532 1756 p2pimsvc - ok
17:26:44.0547 1756 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\windows\system32\p2psvc.dll
17:26:44.0563 1756 p2psvc - ok
17:26:44.0594 1756 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
17:26:44.0625 1756 Parport - ok
17:26:44.0672 1756 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\windows\system32\drivers\partmgr.sys
17:26:44.0703 1756 partmgr - ok
17:26:44.0735 1756 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:26:44.0750 1756 PcaSvc - ok
17:26:44.0797 1756 [ 2f86be1818c2d7ac90478e3323ee7fcb ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
17:26:44.0844 1756 PCCUJobMgr - ok
17:26:44.0875 1756 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\windows\system32\drivers\pci.sys
17:26:44.0906 1756 pci - ok
17:26:44.0922 1756 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\windows\system32\drivers\pciide.sys
17:26:44.0937 1756 pciide - ok
17:26:44.0969 1756 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
17:26:44.0969 1756 pcmcia - ok
17:26:44.0984 1756 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\windows\system32\drivers\pcw.sys
17:26:44.0984 1756 pcw - ok
17:26:45.0000 1756 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:26:45.0015 1756 PEAUTH - ok
17:26:45.0078 1756 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\windows\SysWow64\perfhost.exe
17:26:45.0078 1756 PerfHost - ok
17:26:45.0125 1756 [ 663962900e7fea522126ba287715bb4a ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
17:26:45.0156 1756 PGEffect - ok
17:26:45.0203 1756 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\windows\system32\pla.dll
17:26:45.0249 1756 pla - ok
17:26:45.0265 1756 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:26:45.0296 1756 PlugPlay - ok
17:26:45.0327 1756 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:26:45.0343 1756 PNRPAutoReg - ok
17:26:45.0359 1756 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:26:45.0359 1756 PNRPsvc - ok
17:26:45.0390 1756 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:26:45.0421 1756 PolicyAgent - ok
17:26:45.0452 1756 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\windows\system32\umpo.dll
17:26:45.0468 1756 Power - ok
17:26:45.0515 1756 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:26:45.0561 1756 PptpMiniport - ok
17:26:45.0593 1756 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\windows\system32\DRIVERS\processr.sys
17:26:45.0624 1756 Processor - ok
17:26:45.0717 1756 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\windows\system32\profsvc.dll
17:26:45.0749 1756 ProfSvc - ok
17:26:45.0764 1756 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:26:45.0795 1756 ProtectedStorage - ok
17:26:45.0858 1756 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:26:45.0905 1756 Psched - ok
17:26:45.0967 1756 [ c8fcb4899f8b70cc34e0d9876a80963c ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
17:26:46.0014 1756 QIOMem - ok
17:26:46.0061 1756 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
17:26:46.0170 1756 ql2300 - ok
17:26:46.0217 1756 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
17:26:46.0232 1756 ql40xx - ok
17:26:46.0279 1756 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\windows\system32\qwave.dll
17:26:46.0279 1756 QWAVE - ok
17:26:46.0310 1756 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:26:46.0326 1756 QWAVEdrv - ok
17:26:46.0341 1756 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:26:46.0373 1756 RasAcd - ok
17:26:46.0435 1756 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:26:46.0435 1756 RasAgileVpn - ok
17:26:46.0482 1756 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\windows\System32\rasauto.dll
17:26:46.0513 1756 RasAuto - ok
17:26:46.0544 1756 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:26:46.0607 1756 Rasl2tp - ok
17:26:46.0685 1756 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\windows\System32\rasmans.dll
17:26:46.0716 1756 RasMan - ok
17:26:46.0763 1756 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:26:46.0778 1756 RasPppoe - ok
17:26:46.0794 1756 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:26:46.0794 1756 RasSstp - ok
17:26:46.0887 1756 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:26:46.0934 1756 rdbss - ok
17:26:46.0965 1756 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
17:26:46.0981 1756 rdpbus - ok
17:26:46.0997 1756 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:26:46.0997 1756 RDPCDD - ok
17:26:47.0028 1756 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:26:47.0043 1756 RDPENCDD - ok
17:26:47.0075 1756 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:26:47.0075 1756 RDPREFMP - ok
17:26:47.0137 1756 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:26:47.0184 1756 RDPWD - ok
17:26:47.0246 1756 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:26:47.0293 1756 rdyboost - ok
17:26:47.0324 1756 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:26:47.0340 1756 RemoteAccess - ok
17:26:47.0387 1756 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:26:47.0387 1756 RemoteRegistry - ok
17:26:47.0418 1756 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:26:47.0433 1756 RpcEptMapper - ok
17:26:47.0449 1756 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\windows\system32\locator.exe
17:26:47.0465 1756 RpcLocator - ok
17:26:47.0511 1756 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\windows\system32\rpcss.dll
17:26:47.0511 1756 RpcSs - ok
17:26:47.0558 1756 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:26:47.0574 1756 rspndr - ok
17:26:47.0683 1756 [ 3ceee53bbf8ba284ff44585cec0162fe ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
17:26:47.0730 1756 RSUSBSTOR - ok
17:26:47.0808 1756 [ ffc748d848740d1bc8f330a8879c2674 ] rtl8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
17:26:47.0870 1756 rtl8192Ce - ok
17:26:47.0901 1756 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\windows\system32\lsass.exe
17:26:47.0948 1756 SamSs - ok
17:26:47.0995 1756 [ 3289766038db2cb14d07dc84392138d5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:26:48.0042 1756 SASDIFSV - ok
17:26:48.0057 1756 [ 58a38e75f3316a83c23df6173d41f2b5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:26:48.0089 1756 SASKUTIL - ok
17:26:48.0135 1756 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:26:48.0182 1756 sbp2port - ok
17:26:48.0213 1756 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\windows\System32\SCardSvr.dll
17:26:48.0245 1756 SCardSvr - ok
17:26:48.0276 1756 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:26:48.0338 1756 scfilter - ok
17:26:48.0416 1756 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\windows\system32\schedsvc.dll
17:26:48.0463 1756 Schedule - ok
17:26:48.0494 1756 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\windows\System32\certprop.dll
17:26:48.0494 1756 SCPolicySvc - ok
17:26:48.0541 1756 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:26:48.0572 1756 SDRSVC - ok
17:26:48.0619 1756 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:26:48.0635 1756 secdrv - ok
17:26:48.0666 1756 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\windows\system32\seclogon.dll
17:26:48.0713 1756 seclogon - ok
17:26:48.0744 1756 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\windows\system32\sens.dll
17:26:48.0744 1756 SENS - ok
17:26:48.0775 1756 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:26:48.0775 1756 SensrSvc - ok
17:26:48.0791 1756 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\windows\system32\DRIVERS\serenum.sys
17:26:48.0806 1756 Serenum - ok
17:26:48.0822 1756 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\windows\system32\DRIVERS\serial.sys
17:26:48.0837 1756 Serial - ok
17:26:48.0853 1756 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
17:26:48.0869 1756 sermouse - ok
17:26:48.0900 1756 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:26:48.0931 1756 SessionEnv - ok
17:26:48.0962 1756 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:26:48.0962 1756 sffdisk - ok
17:26:48.0978 1756 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:26:48.0978 1756 sffp_mmc - ok
17:26:48.0993 1756 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:26:49.0040 1756 sffp_sd - ok
17:26:49.0181 1756 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
17:26:49.0181 1756 sfloppy - ok
17:26:49.0227 1756 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
17:26:49.0283 1756 Sftfs - ok
17:26:49.0353 1756 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:26:49.0403 1756 sftlist - ok
17:26:49.0413 1756 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
17:26:49.0473 1756 Sftplay - ok
17:26:49.0483 1756 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
17:26:49.0523 1756 Sftredir - ok
17:26:49.0553 1756 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
17:26:49.0583 1756 Sftvol - ok
17:26:49.0634 1756 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:26:49.0704 1756 sftvsa - ok
17:26:49.0764 1756 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\windows\System32\ipnathlp.dll
17:26:49.0784 1756 SharedAccess - ok
17:26:49.0814 1756 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:26:49.0864 1756 ShellHWDetection - ok
17:26:49.0904 1756 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
17:26:49.0914 1756 SiSRaid2 - ok
17:26:49.0944 1756 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
17:26:49.0954 1756 SiSRaid4 - ok
17:26:49.0964 1756 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:26:49.0974 1756 Smb - ok
17:26:50.0014 1756 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:26:50.0024 1756 SNMPTRAP - ok
17:26:50.0034 1756 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\windows\system32\drivers\spldr.sys
17:26:50.0044 1756 spldr - ok
17:26:50.0150 1756 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\windows\System32\spoolsv.exe
17:26:50.0196 1756 Spooler - ok
17:26:50.0337 1756 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\windows\system32\sppsvc.exe
17:26:50.0415 1756 sppsvc - ok
17:26:50.0430 1756 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:26:50.0446 1756 sppuinotify - ok
17:26:50.0477 1756 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\windows\system32\DRIVERS\srv.sys
17:26:50.0508 1756 srv - ok
17:26:50.0540 1756 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:26:50.0586 1756 srv2 - ok
17:26:50.0680 1756 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
17:26:50.0696 1756 SrvHsfHDA - ok
17:26:50.0742 1756 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
17:26:50.0774 1756 SrvHsfV92 - ok
17:26:50.0805 1756 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
17:26:50.0820 1756 SrvHsfWinac - ok
17:26:50.0852 1756 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:26:50.0883 1756 srvnet - ok
17:26:50.0945 1756 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:26:50.0945 1756 SSDPSRV - ok
17:26:50.0961 1756 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\windows\system32\sstpsvc.dll
17:26:50.0976 1756 SstpSvc - ok
17:26:51.0023 1756 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
17:26:51.0039 1756 stexstor - ok
17:26:51.0101 1756 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\windows\System32\wiaservc.dll
17:26:51.0148 1756 stisvc - ok
17:26:51.0179 1756 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\windows\system32\drivers\swenum.sys
17:26:51.0179 1756 swenum - ok
17:26:51.0210 1756 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\windows\System32\swprv.dll
17:26:51.0226 1756 swprv - ok
17:26:51.0273 1756 [ 470c47daba9ca3966f0ab3f835d7d135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:26:51.0320 1756 SynTP - ok
17:26:51.0366 1756 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\windows\system32\sysmain.dll
17:26:51.0413 1756 SysMain - ok
17:26:51.0444 1756 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:26:51.0476 1756 TabletInputService - ok
17:26:51.0491 1756 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:26:51.0522 1756 TapiSrv - ok
17:26:51.0554 1756 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\windows\System32\tbssvc.dll
17:26:51.0585 1756 TBS - ok
17:26:51.0663 1756 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:26:51.0725 1756 Tcpip - ok
17:26:51.0741 1756 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:26:51.0756 1756 TCPIP6 - ok
17:26:51.0788 1756 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:26:51.0866 1756 tcpipreg - ok
17:26:51.0912 1756 [ fd542b661bd22fa69ca789ad0ac58c29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
17:26:51.0944 1756 tdcmdpst - ok
17:26:51.0975 1756 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:26:51.0975 1756 TDPIPE - ok
17:26:52.0006 1756 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:26:52.0053 1756 TDTCP - ok
17:26:52.0100 1756 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:26:52.0146 1756 tdx - ok
17:26:52.0162 1756 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\windows\system32\drivers\termdd.sys
17:26:52.0193 1756 TermDD - ok
17:26:52.0224 1756 [ 2e648163254233755035b46dd7b89123 ] TermService C:\windows\System32\termsrv.dll
17:26:52.0256 1756 TermService - ok
17:26:52.0287 1756 [ f0344071948d1a1fa732231785a0664c ] Themes C:\windows\system32\themeservice.dll
17:26:52.0287 1756 Themes - ok
17:26:52.0302 1756 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\windows\system32\mmcss.dll
17:26:52.0302 1756 THREADORDER - ok
17:26:52.0380 1756 [ 28644b0523d64eff2fc7312a2ee74b0a ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:26:52.0443 1756 TMachInfo - ok
17:26:52.0474 1756 [ ed32035bdfeced1ad66d459fd9cc1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
17:26:52.0521 1756 TODDSrv - ok
17:26:52.0599 1756 [ db9719688c08f42705feb3f6a0c98b91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:26:52.0661 1756 TosCoSrv - ok
17:26:52.0708 1756 [ bae96ad126f4eed4d361b092ba2e61fe ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
17:26:52.0786 1756 TOSHIBA eco Utility Service - ok
17:26:52.0817 1756 [ 74c2fa8c3765ee71a9c22182ec108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:26:52.0880 1756 TOSHIBA HDD SSD Alert Service - ok
17:26:52.0926 1756 [ 97687d094aa597da366e1194b218cc6c ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
17:26:52.0989 1756 TPCHSrv - ok
17:26:53.0004 1756 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\windows\System32\trkwks.dll
17:26:53.0020 1756 TrkWks - ok
17:26:53.0067 1756 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:26:53.0114 1756 TrustedInstaller - ok
17:26:53.0145 1756 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:26:53.0176 1756 tssecsrv - ok
17:26:53.0270 1756 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:26:53.0316 1756 TsUsbFlt - ok
17:26:53.0332 1756 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:26:53.0363 1756 tunnel - ok
17:26:53.0410 1756 [ 550b567f9364d8f7684c3fb3ea665a72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:26:53.0441 1756 TVALZ - ok
17:26:53.0472 1756 [ 9c7191f4b2e49bff47a6c1144b5923fa ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
17:26:53.0504 1756 TVALZFL - ok
17:26:53.0550 1756 [ 711561440fdc396cb6e4c69c13375a38 ] tvnserver C:\Program Files (x86)\TightVNC\tvnserver.exe
17:26:53.0628 1756 tvnserver - ok
17:26:53.0660 1756 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
17:26:53.0660 1756 uagp35 - ok
17:26:53.0675 1756 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:26:53.0722 1756 udfs - ok
17:26:53.0753 1756 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:26:53.0753 1756 UI0Detect - ok
17:26:53.0769 1756 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:26:53.0769 1756 uliagpkx - ok
17:26:53.0800 1756 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\windows\system32\drivers\umbus.sys
17:26:53.0862 1756 umbus - ok
17:26:53.0878 1756 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\windows\system32\DRIVERS\umpass.sys
17:26:53.0894 1756 UmPass - ok
17:26:53.0987 1756 [ 7466809e6da561d60c2f1ce8ede3c73f ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:26:54.0081 1756 UNS - ok
17:26:54.0112 1756 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\windows\System32\upnphost.dll
17:26:54.0128 1756 upnphost - ok
17:26:54.0159 1756 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
17:26:54.0221 1756 USBAAPL64 - ok
17:26:54.0237 1756 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:26:54.0268 1756 usbccgp - ok
17:26:54.0315 1756 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:26:54.0315 1756 usbcir - ok
17:26:54.0346 1756 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\windows\system32\drivers\usbehci.sys
17:26:54.0393 1756 usbehci - ok
17:26:54.0440 1756 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:26:54.0486 1756 usbhub - ok
17:26:54.0518 1756 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:26:54.0549 1756 usbohci - ok
17:26:54.0580 1756 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:26:54.0580 1756 usbprint - ok
17:26:54.0611 1756 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:26:54.0642 1756 USBSTOR - ok
17:26:54.0689 1756 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:26:54.0720 1756 usbuhci - ok
17:26:54.0767 1756 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
17:26:54.0814 1756 usbvideo - ok
17:26:54.0845 1756 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\windows\System32\uxsms.dll
17:26:54.0845 1756 UxSms - ok
17:26:54.0861 1756 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\windows\system32\lsass.exe
17:26:54.0908 1756 VaultSvc - ok
17:26:54.0923 1756 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:26:54.0923 1756 vdrvroot - ok
17:26:54.0970 1756 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\windows\System32\vds.exe
17:26:55.0032 1756 vds - ok
17:26:55.0079 1756 [ 00c7df4f50962ba218ab60d32869100b ] vflt C:\windows\system32\DRIVERS\vfilter.sys
17:26:55.0110 1756 vflt - ok
17:26:55.0142 1756 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:26:55.0157 1756 vga - ok
17:26:55.0173 1756 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\windows\System32\drivers\vga.sys
17:26:55.0188 1756 VgaSave - ok
17:26:55.0220 1756 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:26:55.0266 1756 vhdmp - ok
17:26:55.0282 1756 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\windows\system32\drivers\viaide.sys
17:26:55.0298 1756 viaide - ok
17:26:55.0329 1756 [ a99ca064ad11266fe7067a79bf78bbb5 ] vnet C:\windows\system32\DRIVERS\virtualnet.sys
17:26:55.0360 1756 vnet - ok
17:26:55.0376 1756 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:26:55.0422 1756 volmgr - ok
17:26:55.0438 1756 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:26:55.0485 1756 volmgrx - ok
17:26:55.0500 1756 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\windows\system32\drivers\volsnap.sys
17:26:55.0547 1756 volsnap - ok
17:26:55.0610 1756 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
17:26:55.0610 1756 vsmraid - ok
17:26:55.0688 1756 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\windows\system32\vssvc.exe
17:26:55.0734 1756 VSS - ok
17:26:55.0750 1756 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:26:55.0766 1756 vwifibus - ok
17:26:55.0797 1756 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:26:55.0812 1756 vwififlt - ok
17:26:55.0828 1756 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
17:26:55.0828 1756 vwifimp - ok
17:26:55.0875 1756 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\windows\system32\w32time.dll
17:26:55.0890 1756 W32Time - ok
17:26:55.0906 1756 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
17:26:55.0922 1756 WacomPen - ok
17:26:55.0953 1756 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:26:56.0015 1756 WANARP - ok
17:26:56.0015 1756 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:26:56.0015 1756 Wanarpv6 - ok
17:26:56.0093 1756 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
17:26:56.0156 1756 WatAdminSvc - ok
17:26:56.0202 1756 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\windows\system32\wbengine.exe
17:26:56.0249 1756 wbengine - ok
17:26:56.0280 1756 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:26:56.0280 1756 WbioSrvc - ok
17:26:56.0343 1756 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\windows\System32\wcncsvc.dll
17:26:56.0390 1756 wcncsvc - ok
17:26:56.0421 1756 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:26:56.0421 1756 WcsPlugInService - ok
17:26:56.0452 1756 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\windows\system32\DRIVERS\wd.sys
17:26:56.0468 1756 Wd - ok
17:26:56.0499 1756 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:26:56.0514 1756 Wdf01000 - ok
17:26:56.0530 1756 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\windows\system32\wdi.dll
17:26:56.0546 1756 WdiServiceHost - ok
17:26:56.0546 1756 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\windows\system32\wdi.dll
17:26:56.0546 1756 WdiSystemHost - ok
17:26:56.0577 1756 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\windows\System32\webclnt.dll
17:26:56.0608 1756 WebClient - ok
17:26:56.0624 1756 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\windows\system32\wecsvc.dll
17:26:56.0655 1756 Wecsvc - ok
17:26:56.0686 1756 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:26:56.0686 1756 wercplsupport - ok
17:26:56.0717 1756 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\windows\System32\WerSvc.dll
17:26:56.0717 1756 WerSvc - ok
17:26:56.0733 1756 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:26:56.0733 1756 WfpLwf - ok
17:26:56.0748 1756 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:26:56.0764 1756 WIMMount - ok
17:26:56.0780 1756 WinDefend - ok
17:26:56.0795 1756 WinHttpAutoProxySvc - ok
17:26:56.0842 1756 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:26:56.0858 1756 Winmgmt - ok
17:26:56.0920 1756 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\windows\system32\WsmSvc.dll
17:26:56.0982 1756 WinRM - ok
17:26:57.0014 1756 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
17:26:57.0060 1756 WinUsb - ok
17:26:57.0092 1756 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\windows\System32\wlansvc.dll
17:26:57.0107 1756 Wlansvc - ok
17:26:57.0154 1756 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:26:57.0216 1756 wlcrasvc - ok
17:26:57.0294 1756 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:26:57.0404 1756 wlidsvc - ok
17:26:57.0435 1756 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
17:26:57.0450 1756 WmiAcpi - ok
17:26:57.0482 1756 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:26:57.0482 1756 wmiApSrv - ok
17:26:57.0513 1756 WMPNetworkSvc - ok
17:26:57.0544 1756 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\windows\System32\wpcsvc.dll
17:26:57.0544 1756 WPCSvc - ok
17:26:57.0575 1756 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:26:57.0622 1756 WPDBusEnum - ok
17:26:57.0653 1756 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:26:57.0653 1756 ws2ifsl - ok
17:26:57.0669 1756 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\windows\system32\wscsvc.dll
17:26:57.0684 1756 wscsvc - ok
17:26:57.0684 1756 WSearch - ok
17:26:57.0762 1756 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\windows\system32\wuaueng.dll
17:26:57.0778 1756 wuauserv - ok
17:26:57.0794 1756 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:26:57.0825 1756 WudfPf - ok
17:26:57.0856 1756 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:26:57.0887 1756 WUDFRd - ok
17:26:57.0918 1756 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:26:57.0950 1756 wudfsvc - ok
17:26:57.0981 1756 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\windows\System32\wwansvc.dll
17:26:57.0996 1756 WwanSvc - ok
17:26:58.0012 1756 ================ Scan global ===============================
17:26:58.0043 1756 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll
17:26:58.0090 1756 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
17:26:58.0152 1756 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
17:26:58.0168 1756 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll
17:26:58.0215 1756 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe
17:26:58.0230 1756 [Global] - ok
17:26:58.0230 1756 ================ Scan MBR ==================================
17:26:58.0246 1756 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:26:58.0433 1756 \Device\Harddisk0\DR0 - ok
17:26:58.0433 1756 ================ Scan VBR ==================================
17:26:58.0464 1756 Boot (0x1200) (0c80e75223ad68866696b5837df22cac) \Device\Harddisk0\DR0\Partition1
17:26:58.0464 1756 \Device\Harddisk0\DR0\Partition1 - ok
17:26:58.0464 1756 ============================================================
17:26:58.0464 1756 Scan finished
17:26:58.0464 1756 ============================================================
17:26:58.0464 0548 Detected object count: 0
17:26:58.0464 0548 Actual detected object count: 0


Roguekiller report
=================


RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Muthu Kumaran [Admin rights]
Mode: Scan -- Date: 08/19/2012 23:03:59

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] Update Tool Notifier.exe -- C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[22].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;
RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[2].txt ;
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;
RKreport[8].txt ; RKreport[9].txt


Thanks
Bharri

Edited by cookiemonster1, 20 August 2012 - 02:33 AM.


#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 20 August 2012 - 02:27 PM

Hi again,

C:\Users\Muthu Kumaran\Desktop\RK_Quarantine\dbcowfgt.dll.vir (Spyware.Password) -> No action taken.

This entry has already been quarantined by RogueKiller, so it's not harmful anymore.

Please try to make no further changes to the computer other than what I tell you, as this may hamper the cleaning process!

==========

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

==========

In addition to the FSS.txt, please let me know how the computer is running now. Any issues I should know about?

bloopie

#11 cookiemonster1

cookiemonster1
  • Topic Starter

  • Members
  • 9 posts

Posted 21 August 2012 - 01:56 PM

Hi Bloopie,

FSS.txt pasted below. As of now the laptop is working.

Farbar Service Scanner Version: 06-08-2012
Ran by Muthu Kumaran (administrator) on 21-08-2012 at 11:46:57
Running from "C:\Users\Muthu Kumaran\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



Thanks
Bharri

#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 21 August 2012 - 05:35 PM

Hi again,

Sorry for the delay, work today was pretty hectic!

Things aren't looking too bad here. I'd like you to upload a file for me:

  • Go to VirusTotal.com
  • Click the "Choose File" button.
  • Navigate to the file C:\Users\Muthu Kumaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe and click Open.
  • Click the "Scan It" button (***Note: If it says this file has already been scanned, please click "Reanalyse").
  • When it is finished scanning please provide a link to the results page in your next reply.

bloopie

#13 cookiemonster1

cookiemonster1
  • Topic Starter

  • Members
  • 9 posts

Posted 22 August 2012 - 11:28 PM

Hi Bloopie,

I have given the link below:

https://www.virustotal.com/file/369e1fbe20212db59a5b57f0a40a90805c0e07e717a82b80c5aaa6c36ebe3228/analysis/1345695387/

Also, I have attached the same as a PDF file.

Thanks,
Bharri



Edited by cookiemonster1, 23 August 2012 - 11:17 AM.
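
The FSS "File Check" section earlier in the thread and the VirusTotal lookup just posted rest on the same idea: a file's hash either matches a known-good value or it does not. The script below is an added example written for this thread, not code from Farbar Service Scanner, VirusTotal or any other tool mentioned here. It hashes a list of binaries, compares them with a baseline snapshot taken on a known-clean system, and builds the VirusTotal report address for anything that deviates. The file names, contents and baseline in the demo are constructed; the `/gui/file/<sha256>` address is the current VirusTotal web UI form (the link posted above uses an older form of the same lookup).

```python
"""Added example for this thread (not code from Farbar Service Scanner,
VirusTotal or any other tool mentioned here): a baseline integrity check in
the spirit of FSS's "File Check" section. Every path, hash and file body in
the demo is constructed."""

import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class CheckResult:
    path: str
    status: str          # "legit", "MISMATCH", "MISSING" or "UNKNOWN"
    md5: str = ""
    sha256: str = ""


def digests(chunks):
    """MD5 (what FSS prints) and SHA-256 (what VirusTotal keys reports on),
    computed in one pass over an iterable of byte chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in chunks:
        md5.update(chunk)
        sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def hash_bytes(data):
    return digests([data])


def hash_file(path, chunk_size=1 << 16):
    """Stream the file so large drivers do not have to fit in memory."""
    with open(path, "rb") as fh:
        return digests(iter(lambda: fh.read(chunk_size), b""))


def build_baseline(paths):
    """Snapshot current hashes; run this on a system known to be clean."""
    return {os.path.normcase(p): dict(zip(("md5", "sha256"), hash_file(p)))
            for p in paths}


def check_files(paths, baseline):
    """Compare each file with the baseline. A file is "legit" only when both
    digests match; any deviation means the binary on disk is not the one the
    baseline was taken from, which is how a patched service binary or a
    replaced service DLL shows up. Lookups are case-insensitive, as Windows
    paths are."""
    results = []
    for path in paths:
        expected = baseline.get(os.path.normcase(path))
        if expected is None:
            results.append(CheckResult(path, "UNKNOWN"))
        elif not os.path.isfile(path):
            results.append(CheckResult(path, "MISSING"))
        else:
            md5, sha256 = hash_file(path)
            ok = (md5 == expected["md5"].lower()
                  and sha256 == expected["sha256"].lower())
            results.append(CheckResult(path, "legit" if ok else "MISMATCH",
                                       md5, sha256))
    return results


def virustotal_url(sha256):
    """Report address for a SHA-256 on the VirusTotal web UI; the hash is the
    lookup key, so a file VirusTotal already knows needs no upload."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


def demo():
    """Constructed scenario: one binary patched after the baseline was taken,
    one service DLL deleted, one file the baseline never covered."""
    tmp = tempfile.mkdtemp()
    exe = os.path.join(tmp, "services.exe")
    dll = os.path.join(tmp, "wscsvc.dll")
    for p in (exe, dll):
        with open(p, "wb") as fh:
            fh.write(b"constructed clean binary: " + os.path.basename(p).encode())
    baseline = build_baseline([exe, dll])
    with open(exe, "ab") as fh:           # simulate an in-place patch
        fh.write(b"\x90\x90 injected stub")
    os.remove(dll)                        # simulate a removed service DLL
    results = check_files([exe, dll, os.path.join(tmp, "unknown.sys")], baseline)
    for r in results:
        line = f"{r.path} => {r.status}"
        if r.status == "MISMATCH":
            line += f"  (look up: {virustotal_url(r.sha256)})"
        print(line)
    return {os.path.basename(r.path): r.status for r in results}


if __name__ == "__main__":
    demo()
```

The baseline has to come from a machine you trust; taking it on an already infected system only freezes the infection in place. Checking both digests guards against relying on MD5 alone, and the MISSING state is reported separately from a mismatch because a service DLL that simply disappears (as Security Essentials did earlier in this thread) is a different symptom from one that was patched.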


#14 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 23 August 2012 - 10:15 AM

Hi again,

Those logs aren't looking too bad. Let's run another scan:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply!
  • Click the Back button.
  • Click the Finish button.

Is your computer running normally now? Anything else I should know about?

bloopie

#15 cookiemonster1

cookiemonster1
  • Topic Starter

  • Members
  • 9 posts

Posted 24 August 2012 - 04:33 PM

Hi,

Contents of the Report:

C:\Users\Muthu Kumaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\49fb3e93-57626e5c a variant of Java/Exploit.CVE-2012-1723.AJ trojan deleted - quarantined
C:\Users\Muthu Kumaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-59ce1ef4 multiple threats deleted - quarantined
C:\Users\Muthu Kumaran\Desktop\PDFCreator-1_3_2_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined

Computer is working normally now.



Bharri



