
Fake Adobe Flash Player Update Infected My Laptop (Windows), iPad, and my hp


  • This topic is locked
39 replies to this topic

#1 fasciola

  • Members
  • 35 posts

Posted 27 March 2014 - 12:41 AM

Dear all,

 

I have previously posted a topic about this at another link on BleepingComputer:

http://www.bleepingcomputer.com/forums/t/528694/fake-adobe-flash-player-update-infected-my-laptop-windows-ipad-and-my-hp/

 

Here I paste the problems that I mentioned in the earlier topic.

 

I don't know since when the fake Adobe Flash Player update kept popping up when I opened Facebook links on my laptop (Windows OS, not a MacBook). Not only that, my sister's laptop, my iPad, and my handphone (Samsung Note 3) also get the same pop-up when I open Facebook, Instagram, and YouTube. I guess this is because all these gadgets share the same wireless connection. (Update: I guess my suspicion about the wireless connection is correct. When I connect my handphone (Samsung Note 2) to my wireless connection, it cannot open the Instagram account. At one time, the news feed was filled up with the fake Adobe Flash Player update. When I disconnect it, it returns to normal.)

 

- I have tried various ways to fix the problem. I bought Kaspersky to fix the problem, but it didn't detect any problem.

- I have installed trial versions of SpyHunter and StopZilla. They detect a lot of malware and Trojans, but I need to purchase them to remove all the threats. I didn't purchase them after seeing many bad reviews about them.

- I have also followed the steps recommended in this link by bleepingcomputer:

http://www.bleepingcomputer.com/forums/t/526198/redirect-from-youtube-fb-to-fake-adobe-player-download/

But all the reports showed no problem. (I can attach all the reports if needed.)

- I have also installed Spyware Doctor, which also found no problem.

 

Earlier, a helpful friend with the ID boopme suggested that I run RKill and Malwarebytes Anti-Malware, but the two programs also did not really detect the problem (please refer to the link on top).

 

I had been asked to run DDS by boopme. Here is the result.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.21.2
Run by You Li at 12:44:17 on 2014-03-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1910.69 [GMT 8:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\You Li\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Naver\LINE\Line.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
uRun: [Facebook Update] "C:\Users\You Li\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\You Li\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
uPolicies-Explorer: NoDriveAutoRun = dword:3
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:3
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: NameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA} : DHCPNameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA}\439383 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\You Li\AppData\Roaming\Mozilla\Firefox\Profiles\3o4xjyka.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\You Li\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\You Li\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\You Li\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\You Li\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-03-24 16:47; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? klflt;klflt
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? Samsung UPD Service;Samsung UPD Service
R? sbapifs;sbapifs
R? SkypeUpdate;Skype Updater
R? TMachInfo;TMachInfo
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11
S? AVP;Kaspersky Anti-Virus Service
S? Blackberry Device Manager;Blackberry Device Manager
S? Browser Defender Update Service;Browser Defender Update Service
S? cfWiMAXService;ConfigFree WiMAX Service
S? ConfigFree Service;ConfigFree Service
S? HECIx64;Intel® Management Engine Interface
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klkbdflt;Kaspersky Lab KLKBDFLT
S? klmouflt;Kaspersky Lab KLMOUFLT
S? klpd;klpd
S? kltdi;kltdi
S? kneps;kneps
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? MBAMWebAccessControl;MBAMWebAccessControl
S? NAUpdate;Nero Update
S? PCTCore;PCTools KDS
S? PGEffect;Pangu effect driver
S? PxHlpa64;PxHlpa64
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? SSPORT;SSPORT
S? UNS;Intel® Management & Security Application User Notification Service
S? vmwvusb;VMware View Generic USB Driver
S? wsnm;VMware View Client
S? wsnm_usbctrl;VMware View USB Control
.
=============== Created Last 30 ================
.
2014-03-26 02:08:31 119512 ----a-w- C:\Windows\System32\drivers\490D7795.sys
2014-03-26 02:06:47 119512 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-03-26 02:05:38 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-26 02:05:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-26 02:05:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 01:25:20 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A87F04-EDC9-49C9-9B8F-CB33E9539399}\mpengine.dll
2014-03-25 10:45:32 767952 ----a-w- C:\Windows\BDTSupport.dll
2014-03-25 10:45:31 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2014-03-25 10:45:30 165840 ----a-w- C:\Windows\PCTBDRes.dll
2014-03-25 10:45:30 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2014-03-25 10:44:33 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2014-03-25 10:44:33 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2014-03-25 10:44:18 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2014-03-25 10:43:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2014-03-25 10:43:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\Users\You Li\AppData\Roaming\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\ProgramData\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2014-03-24 12:10:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-24 12:10:04 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-24 05:26:36 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-03-24 05:24:59 -------- d-----w- C:\Windows\ELAMBKUP
2014-03-24 05:24:47 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-03-24 05:24:47 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-03-24 05:24:30 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-03-24 03:32:45 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-03-22 04:26:38 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-03-22 04:15:18 -------- d-----w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-03-22 03:20:49 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-03-22 03:20:14 -------- d-----w- C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-03-22 03:04:03 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 02:34:36 -------- d-----w- C:\Program Files\Enigma Software Group
2014-03-22 02:21:11 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-18 03:57:01 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2014-03-18 03:56:42 -------- d-----w- C:\Program Files\Common Files\Microsoft
2014-03-18 03:56:42 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2014-03-15 10:11:12 -------- d-----w- C:\Users\You Li\AppData\Roaming\Skins
2014-03-15 10:01:17 -------- d-----w- C:\Users\You Li\AppData\Roaming\Ad
2014-03-12 02:56:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 02:56:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 02:56:27 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 02:56:27 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 02:52:03 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 02:52:02 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 02:51:44 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 02:51:39 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 13:56:46 -------- d-----w- C:\ProgramData\ParetoLogic
2014-03-11 13:56:46 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2014-03-11 13:56:43 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2014-03-11 13:53:29 -------- d-----w- C:\ProgramData\Cached Installations
2014-03-11 02:06:39 -------- d-----w- C:\Users\You Li\AppData\Roaming\PowerISO
2014-03-11 01:31:01 -------- d-----w- C:\Users\You Li\AppData\Local\ElevatedDiagnostics
2014-03-01 05:01:20 -------- d-----w- C:\Users\You Li\AppData\Local\Skype
2014-02-26 08:11:00 -------- d-----w- C:\Windows\Migration
2014-02-26 08:08:36 -------- d-----w- C:\4478c055809c36381aedddfafb
.
==================== Find3M  ====================
.
2014-03-24 08:47:38 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-03-24 08:47:38 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-03-24 08:47:35 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-03-12 04:22:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:22:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 12:57:50.90 ===============
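The poster's own reasoning, that every device on the same Wi-Fi shows the prompt, points at something the network hands to each client rather than at one machine, and the DDS log's `TCP:` lines record which DNS resolvers DHCP handed this laptop. Added example (not from the poster or from BleepingComputer) that parses those lines and flags DHCP-supplied resolvers that are neither the router nor on a short allow-list of well-known public resolvers, so an analyst knows which entries to verify; the allow-list and the gateway address are assumptions, and the sample input is the three TCP lines copied from the log above.

```python
import ipaddress
import re

# Constructed sample input: the three "TCP:" lines exactly as they appear
# in the DDS log above (raw string so the backslashes survive).
SAMPLE_DDS = r"""
TCP: NameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA} : DHCPNameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA}\439383 : DHCPNameServer = 192.168.1.1
"""

# Hypothetical allow-list of resolvers an analyst usually does not need to
# chase down. Adjust for the environment; anything not here and not on the
# LAN is reported for manual verification, not declared malicious.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# "TCP: <key> = <space-separated resolver list>"
LINE_RE = re.compile(r"^TCP:\s*(?P<key>.*?)\s*=\s*(?P<value>.*)$")


def parse_dns_lines(text):
    """Return a list of (key, [resolvers]) for every TCP: line in DDS output.

    DDS prints the static setting as "NameServer" and the DHCP-assigned one
    as "DHCPNameServer"; the DHCP entries are what the router handed out.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append((m.group("key"), m.group("value").split()))
    return entries


def is_private(addr):
    """True for RFC 1918 / loopback / link-local addresses, False otherwise."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def classify_resolver(addr, gateway=None):
    """Label one resolver: router, lan, known-public or unknown-public."""
    if gateway is not None and addr == gateway:
        return "router"
    if is_private(addr):
        return "lan"
    if addr in KNOWN_PUBLIC_RESOLVERS:
        return "known-public"
    return "unknown-public"


def suspicious_resolvers(text, gateway=None):
    """Resolvers from DHCP/static DNS lines that are neither the router,
    a LAN address, nor a known public resolver. Sorted, de-duplicated."""
    found = set()
    for _key, servers in parse_dns_lines(text):
        for server in servers:
            if classify_resolver(server, gateway) == "unknown-public":
                found.add(server)
    return sorted(found)


def report(text, gateway=None):
    """Human-readable classification of every resolver, one line per entry."""
    lines = []
    for key, servers in parse_dns_lines(text):
        labels = ", ".join(f"{s} ({classify_resolver(s, gateway)})" for s in servers)
        lines.append(f"{key}: {labels}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed gateway: the 192.168.1.1 address that appears in the log itself.
    print(report(SAMPLE_DDS, gateway="192.168.1.1"))
    print("verify manually:", suspicious_resolvers(SAMPLE_DDS, gateway="192.168.1.1"))
```

An entry flagged here only means the resolver is not the router and not on the allow-list; confirm it against the router's own DHCP/DNS settings before drawing a conclusion.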

#2 fasciola

  • Topic Starter
  • Members
  • 35 posts

Posted 27 March 2014 - 12:42 AM

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Naver\LINE\Line.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\You Li\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
uRun: [Facebook Update] "C:\Users\You Li\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\You Li\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
uPolicies-Explorer: NoDriveAutoRun = dword:3
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:3
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: NameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA} : DHCPNameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA}\439383 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\You Li\AppData\Roaming\Mozilla\Firefox\Profiles\3o4xjyka.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\You Li\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\You Li\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\You Li\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\You Li\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-03-24 16:47; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? klflt;klflt
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? Samsung UPD Service;Samsung UPD Service
R? sbapifs;sbapifs
R? SkypeUpdate;Skype Updater
R? TMachInfo;TMachInfo
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11
S? AVP;Kaspersky Anti-Virus Service
S? Blackberry Device Manager;Blackberry Device Manager
S? Browser Defender Update Service;Browser Defender Update Service
S? cfWiMAXService;ConfigFree WiMAX Service
S? ConfigFree Service;ConfigFree Service
S? HECIx64;Intel® Management Engine Interface
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klkbdflt;Kaspersky Lab KLKBDFLT
S? klmouflt;Kaspersky Lab KLMOUFLT
S? klpd;klpd
S? kltdi;kltdi
S? kneps;kneps
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? MBAMWebAccessControl;MBAMWebAccessControl
S? NAUpdate;Nero Update
S? PCTCore;PCTools KDS
S? PGEffect;Pangu effect driver
S? PxHlpa64;PxHlpa64
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? SSPORT;SSPORT
S? UNS;Intel® Management & Security Application User Notification Service
S? vmwvusb;VMware View Generic USB Driver
S? wsnm;VMware View Client
S? wsnm_usbctrl;VMware View USB Control
.
=============== Created Last 30 ================
.
2014-03-26 02:08:31 119512 ----a-w- C:\Windows\System32\drivers\490D7795.sys
2014-03-26 02:06:47 119512 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-03-26 02:05:38 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-26 02:05:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-26 02:05:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 01:25:20 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A87F04-EDC9-49C9-9B8F-CB33E9539399}\mpengine.dll
2014-03-25 10:45:32 767952 ----a-w- C:\Windows\BDTSupport.dll
2014-03-25 10:45:31 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2014-03-25 10:45:30 165840 ----a-w- C:\Windows\PCTBDRes.dll
2014-03-25 10:45:30 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2014-03-25 10:44:33 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2014-03-25 10:44:33 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2014-03-25 10:44:18 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2014-03-25 10:43:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2014-03-25 10:43:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\Users\You Li\AppData\Roaming\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\ProgramData\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2014-03-24 12:10:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-24 12:10:04 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-24 05:26:36 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-03-24 05:24:59 -------- d-----w- C:\Windows\ELAMBKUP
2014-03-24 05:24:47 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-03-24 05:24:47 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-03-24 05:24:30 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-03-24 03:32:45 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-03-22 04:26:38 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-03-22 04:15:18 -------- d-----w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-03-22 03:20:49 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-03-22 03:20:14 -------- d-----w- C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-03-22 03:04:03 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 02:34:36 -------- d-----w- C:\Program Files\Enigma Software Group
2014-03-22 02:21:11 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-18 03:57:01 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2014-03-18 03:56:42 -------- d-----w- C:\Program Files\Common Files\Microsoft
2014-03-18 03:56:42 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2014-03-15 10:11:12 -------- d-----w- C:\Users\You Li\AppData\Roaming\Skins
2014-03-15 10:01:17 -------- d-----w- C:\Users\You Li\AppData\Roaming\Ad
2014-03-12 02:56:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 02:56:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 02:56:27 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 02:56:27 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 02:52:03 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 02:52:02 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 02:51:44 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 02:51:39 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 13:56:46 -------- d-----w- C:\ProgramData\ParetoLogic
2014-03-11 13:56:46 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2014-03-11 13:56:43 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2014-03-11 13:53:29 -------- d-----w- C:\ProgramData\Cached Installations
2014-03-11 02:06:39 -------- d-----w- C:\Users\You Li\AppData\Roaming\PowerISO
2014-03-11 01:31:01 -------- d-----w- C:\Users\You Li\AppData\Local\ElevatedDiagnostics
2014-03-01 05:01:20 -------- d-----w- C:\Users\You Li\AppData\Local\Skype
2014-02-26 08:11:00 -------- d-----w- C:\Windows\Migration
2014-02-26 08:08:36 -------- d-----w- C:\4478c055809c36381aedddfafb
.
==================== Find3M  ====================
.
2014-03-24 08:47:38 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-03-24 08:47:38 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-03-24 08:47:35 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-03-12 04:22:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:22:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 12:57:50.90 ===============
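An added example for this thread, not part of the original post, of DDS or of any BleepingComputer tool: a small Python triage script for the Pseudo HJT section of a log like the one above. When several devices behind one router show the same symptom, the DNS servers the router hands out over DHCP are the first thing to verify, so the script pulls every TCP: NameServer entry, separates private (router/LAN) addresses from public ones, and marks public addresses that are not on a short list of well-known resolvers for manual confirmation against the ISP and router configuration; it also queues Run entries whose target lives under a user's AppData for a look. The sample input reuses the TCP and Run lines from the log above; the resolver list, the AppData rule and the labels are this example's own assumptions, and a "verify" label is a prompt to check, not a finding.

```python
"""Triage helpers for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not part of DDS, of the original post or of
any BleepingComputer tool. The resolver list and the AppData rule below are
this example's own assumptions, not something the log states.
"""
import ipaddress
import re

# Assumption: a short list of public resolvers a helper recognises on sight.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",                # Google Public DNS
    "208.67.222.222", "208.67.220.220",  # OpenDNS
    "1.1.1.1", "1.0.0.1",                # Cloudflare
}

# "TCP: NameServer = a b" (global) or
# "TCP: Interfaces\{GUID}[\sub] : DHCPNameServer = a b" (per interface).
_NS_RE = re.compile(
    r"^TCP:\s*(?:(?P<iface>Interfaces\\\S+)\s*:\s*)?"
    r"(?P<kind>DHCPNameServer|NameServer)\s*=\s*(?P<servers>.+?)\s*$"
)

# 'uRun: [Name] "C:\path\prog.exe" args' or 'mRun: [Name] C:\path\prog.exe args'
_RUN_RE = re.compile(
    r'^(?:x64-)?[um]Run:\s*\[(?P<name>[^\]]+)\]\s*"?(?P<path>[^"]+?\.exe)"?',
    re.IGNORECASE,
)
_USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Constructed sample: these lines are copied from the DDS log posted above.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com
uRun: [Facebook Update] "C:\Users\You Li\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
TCP: NameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA} : DHCPNameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA}\439383 : DHCPNameServer = 192.168.1.1
"""


def classify_resolver(ip: str) -> str:
    """Label one resolver address for manual follow-up (a prompt, not a verdict)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "not an IP address: inspect the raw line"
    if addr.is_private or addr.is_link_local or addr.is_loopback:
        return "local (router/LAN resolver)"
    if ip in KNOWN_PUBLIC_RESOLVERS:
        return "well-known public resolver"
    return "unrecognised public resolver: confirm against ISP and router config"


def parse_nameservers(log_text: str) -> list[tuple[str, str, list[str]]]:
    """Return (interface or 'global', kind, [ip, ...]) for each TCP: NameServer line."""
    found = []
    for line in log_text.splitlines():
        m = _NS_RE.match(line.strip())
        if m:
            found.append((m.group("iface") or "global", m.group("kind"),
                          m.group("servers").split()))
    return found


def triage_dns(log_text: str) -> dict[str, str]:
    """Map every distinct resolver in the log to its label."""
    return {ip: classify_resolver(ip)
            for _, _, servers in parse_nameservers(log_text)
            for ip in servers}


def autoruns_in_user_profile(log_text: str) -> list[tuple[str, str]]:
    """(name, path) for uRun/mRun entries whose target lives under \\Users\\...\\AppData\\.

    A verification queue, not a verdict: per-user installers such as Google
    Update, Facebook Update and Dropbox legitimately live there.
    """
    hits = []
    for line in log_text.splitlines():
        m = _RUN_RE.match(line.strip())
        if m and _USER_PROFILE_RE.search(m.group("path")):
            hits.append((m.group("name"), m.group("path")))
    return hits


if __name__ == "__main__":
    for scope, kind, servers in parse_nameservers(SAMPLE_DDS):
        print(f"{scope}: {kind} -> {' '.join(servers)}")
    for ip, label in triage_dns(SAMPLE_DDS).items():
        print(f"  {ip:16} {label}")
    for name, path in autoruns_in_user_profile(SAMPLE_DDS):
        print(f"verify autorun [{name}] -> {path}")
```

Run it as a script to print the categories for the sample, or import it and call triage_dns() and autoruns_in_user_profile() on the full text of a DDS log. Anything labelled "unrecognised" or "verify" still needs a human to compare it with what the ISP and the router's admin page actually show.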

 



#3 fasciola


Posted 27 March 2014 - 12:42 AM

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: NameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA} : DHCPNameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{FAE9675D-E413-4451-8942-6F53343C54AA}\439383 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\You Li\AppData\Roaming\Mozilla\Firefox\Profiles\3o4xjyka.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\You Li\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\You Li\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\You Li\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\You Li\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-03-24 16:47; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? klflt;klflt
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? Samsung UPD Service;Samsung UPD Service
R? sbapifs;sbapifs
R? SkypeUpdate;Skype Updater
R? TMachInfo;TMachInfo
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11
S? AVP;Kaspersky Anti-Virus Service
S? Blackberry Device Manager;Blackberry Device Manager
S? Browser Defender Update Service;Browser Defender Update Service
S? cfWiMAXService;ConfigFree WiMAX Service
S? ConfigFree Service;ConfigFree Service
S? HECIx64;Intel® Management Engine Interface
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klkbdflt;Kaspersky Lab KLKBDFLT
S? klmouflt;Kaspersky Lab KLMOUFLT
S? klpd;klpd
S? kltdi;kltdi
S? kneps;kneps
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? MBAMWebAccessControl;MBAMWebAccessControl
S? NAUpdate;Nero Update
S? PCTCore;PCTools KDS
S? PGEffect;Pangu effect driver
S? PxHlpa64;PxHlpa64
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? SSPORT;SSPORT
S? UNS;Intel® Management & Security Application User Notification Service
S? vmwvusb;VMware View Generic USB Driver
S? wsnm;VMware View Client
S? wsnm_usbctrl;VMware View USB Control
.
=============== Created Last 30 ================
.
2014-03-26 02:08:31 119512 ----a-w- C:\Windows\System32\drivers\490D7795.sys
2014-03-26 02:06:47 119512 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-03-26 02:05:38 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-26 02:05:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-26 02:05:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 01:25:20 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3A87F04-EDC9-49C9-9B8F-CB33E9539399}\mpengine.dll
2014-03-25 10:45:32 767952 ----a-w- C:\Windows\BDTSupport.dll
2014-03-25 10:45:31 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2014-03-25 10:45:30 165840 ----a-w- C:\Windows\PCTBDRes.dll
2014-03-25 10:45:30 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2014-03-25 10:44:33 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2014-03-25 10:44:33 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2014-03-25 10:44:18 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2014-03-25 10:43:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2014-03-25 10:43:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\Users\You Li\AppData\Roaming\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\ProgramData\PC Tools
2014-03-25 10:43:40 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2014-03-24 12:10:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-24 12:10:04 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-24 05:26:36 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-03-24 05:24:59 -------- d-----w- C:\Windows\ELAMBKUP
2014-03-24 05:24:47 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-03-24 05:24:47 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-03-24 05:24:30 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-03-24 03:32:45 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-03-22 04:26:38 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-03-22 04:15:18 -------- d-----w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-03-22 03:20:49 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-03-22 03:20:14 -------- d-----w- C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-03-22 03:04:03 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 02:34:36 -------- d-----w- C:\Program Files\Enigma Software Group
2014-03-22 02:21:11 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-18 03:57:01 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2014-03-18 03:56:42 -------- d-----w- C:\Program Files\Common Files\Microsoft
2014-03-18 03:56:42 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2014-03-15 10:11:12 -------- d-----w- C:\Users\You Li\AppData\Roaming\Skins
2014-03-15 10:01:17 -------- d-----w- C:\Users\You Li\AppData\Roaming\Ad
2014-03-12 02:56:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 02:56:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 02:56:27 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 02:56:27 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 02:52:03 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 02:52:02 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 02:51:44 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 02:51:39 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 13:56:46 -------- d-----w- C:\ProgramData\ParetoLogic
2014-03-11 13:56:46 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2014-03-11 13:56:43 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2014-03-11 13:53:29 -------- d-----w- C:\ProgramData\Cached Installations
2014-03-11 02:06:39 -------- d-----w- C:\Users\You Li\AppData\Roaming\PowerISO
2014-03-11 01:31:01 -------- d-----w- C:\Users\You Li\AppData\Local\ElevatedDiagnostics
2014-03-01 05:01:20 -------- d-----w- C:\Users\You Li\AppData\Local\Skype
2014-02-26 08:11:00 -------- d-----w- C:\Windows\Migration
2014-02-26 08:08:36 -------- d-----w- C:\4478c055809c36381aedddfafb
.
==================== Find3M  ====================
.
2014-03-24 08:47:38 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-03-24 08:47:38 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-03-24 08:47:35 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-03-12 04:22:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 04:22:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 12:57:50.90 ===============
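The DDS log above records, in its TCP: lines, which resolvers the laptop is actually using: 68.168.98.196 and 8.8.8.8 as the active NameServer and as the DHCP-supplied servers for the wireless interface, and 192.168.1.1 (a private address, normally the router itself) on an older lease. When the same fake update prompt appears on every device that shares one Wi-Fi connection, the DNS servers the router hands out over DHCP are the first thing to compare against what you expect to see. The script below is an added example for this thread, not part of the DDS tool or of anyone's post: it parses those lines and flags any resolver that is neither a private (router) address nor on an allow-list of well-known public resolvers. The allow-list is an assumption made for the example, and a flagged address is something to look up and account for (who operates it, and whether you or your ISP configured it), not a finding by itself.

```python
import ipaddress
import re

# Constructed sample: the three "TCP:" lines copied from the DDS log posted in this thread.
SAMPLE_DDS = (
    "TCP: NameServer = 68.168.98.196 8.8.8.8\n"
    "TCP: Interfaces\\{FAE9675D-E413-4451-8942-6F53343C54AA} : DHCPNameServer = 68.168.98.196 8.8.8.8\n"
    "TCP: Interfaces\\{FAE9675D-E413-4451-8942-6F53343C54AA}\\439383 : DHCPNameServer = 192.168.1.1\n"
)

# Assumed allow-list for this example (not from the thread): resolvers you would
# recognise as deliberately configured. Extend it with your own ISP's resolvers.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",                # Google Public DNS
    "208.67.222.222", "208.67.220.220",  # OpenDNS
}

# "TCP: <key> = <ip> [<ip> ...]" where key is NameServer or an Interfaces\{GUID} subkey.
NS_LINE = re.compile(r"^TCP:\s+(?P<key>[^=]+?)\s*=\s*(?P<servers>.+?)\s*$")


def parse_nameservers(dds_text):
    """Return [(key, [server, ...]), ...] for every 'TCP:' resolver line in a DDS log."""
    entries = []
    for line in dds_text.splitlines():
        m = NS_LINE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("servers").split()))
    return entries


def classify(server, trusted_public=KNOWN_PUBLIC_RESOLVERS):
    """'local' for a private (router/gateway) address, 'known-public' if allow-listed,
    otherwise 'unexpected' (including anything that is not an IP address at all)."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unexpected"
    if ip.is_private:
        return "local"
    if server in trusted_public:
        return "known-public"
    return "unexpected"


def unexpected_resolvers(dds_text, trusted_public=KNOWN_PUBLIC_RESOLVERS):
    """Resolver addresses in the log that are neither local nor allow-listed.
    These are the ones to look up (whois, reverse DNS) and account for."""
    flagged = set()
    for _key, servers in parse_nameservers(dds_text):
        flagged.update(s for s in servers if classify(s, trusted_public) == "unexpected")
    return flagged


if __name__ == "__main__":
    for key, servers in parse_nameservers(SAMPLE_DDS):
        print(key)
        for s in servers:
            print(f"    {s:<16} {classify(s)}")
    print("unexpected resolvers:", sorted(unexpected_resolvers(SAMPLE_DDS)))
```

Run against the sample, 192.168.1.1 comes back as local and 8.8.8.8 as known-public, and 68.168.98.196 is the one address left over for you to identify. The same check is worth repeating on the router's own DHCP/DNS settings page, since a resolver injected there would reach every device on the network, which matches the symptom described in the first post.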

 



#4 fasciola

  • Topic Starter
  • Members
  • 35 posts

Posted 27 March 2014 - 12:48 AM

Sorry, I have attached the DDS file but didn't add it to the post.

 

Attached File: Attach.txt (9.36KB)

 

I think there was some error on my side, so this topic has been posted three times. So sorry, I didn't mean to spam.



#5 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 27 March 2014 - 04:49 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
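TDSSKiller writes two lines for each service or driver it checks: one carrying the MD5 and SHA-256 of the binary together with the service name and path, and a second one with the verdict (`name - ok` throughout the log posted further down in this thread). When a helper asks for the whole log, the first pass over it is mechanical: pair those two lines, pull out any entry whose verdict is not ok, and look at where each binary lives. The parser below is an added example written for this thread, not part of TDSSKiller or of Marius's instructions. Its sample is built from lines of the log posted in this thread plus one made-up final entry with an invented verdict string so that the flagging path actually runs (TDSSKiller's real wording for a detection does not appear on this page); the trusted directory roots are also an assumption made for the example.

```python
import re

# Constructed sample: lines copied from the TDSSKiller 3.0.0.26 log posted in this thread,
# plus one final pair with an invented verdict string so the flagging path is exercised.
# TDSSKiller's real wording for a detection is not shown on this page.
SAMPLE_TDSS = r"""
18:58:53.0679 0x0798  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:58:53.0913 0x0798  1394ohci - ok
18:58:55.0951 0x0798  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:58:55.0956 0x0798  Apple Mobile Device - ok
18:58:58.0854 0x0798  [ 21FA3E51618FF8E2F4B29964ABC5884F, AB6E5ACEBC426354C7CD7D297D8D2CA086755F0E410320CA15B989E8963ECC78 ] Browser Defender Update Service C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
18:58:58.0859 0x0798  Browser Defender Update Service - ok
18:59:00.0000 0x0798  [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF, DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF ] ExampleSvc      C:\Users\Public\Temp\example.sys
18:59:00.0001 0x0798  ExampleSvc - constructed-non-ok-verdict
"""

# "<time> <thread>  [ MD5, SHA256 ] <service name> <drive:\path>"; names may contain spaces,
# so the path is recognised by its drive-letter prefix rather than by column position.
HASH_LINE = re.compile(
    r"^\S+\s+0x[0-9A-Fa-f]+\s+\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)
# "<time> <thread>  <service name> - <verdict>"
VERDICT_LINE = re.compile(r"^\S+\s+0x[0-9A-Fa-f]+\s+(?P<name>.+?) - (?P<verdict>.+?)\s*$")

# Assumed for this example: where legitimately installed services and drivers normally live.
TRUSTED_ROOTS = ("C:\\Windows\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\")


def parse_tdsskiller(log_text):
    """Pair each hash line with the verdict line that follows it for the same service name.
    Verdict lines are only accepted for names already seen in a hash line, which keeps
    unrelated ' - ' lines (drive geometry, section headers) from being taken as verdicts."""
    records, pending = [], {}
    for line in log_text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            pending[m.group("name")] = {
                "name": m.group("name"),
                "md5": m.group("md5"),
                "sha256": m.group("sha256"),
                "path": m.group("path"),
                "verdict": None,
            }
            continue
        m = VERDICT_LINE.match(line)
        if m and m.group("name") in pending:
            rec = pending.pop(m.group("name"))
            rec["verdict"] = m.group("verdict")
            records.append(rec)
    # A hash line with no verdict (scan aborted, log truncated) is kept with verdict None.
    records.extend(pending.values())
    return records


def in_trusted_root(path, roots=TRUSTED_ROOTS):
    """Case-insensitive prefix check against the assumed install roots."""
    p = path.lower()
    return any(p.startswith(r.lower()) for r in roots)


def needs_attention(records, roots=TRUSTED_ROOTS):
    """Entries worth a second look: verdict other than 'ok', or a binary outside the roots.
    Living outside the roots is a prompt to check the file, not a verdict on it."""
    return [r for r in records if r["verdict"] != "ok" or not in_trusted_root(r["path"], roots)]


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_TDSS)
    print(f"{len(recs)} entries parsed")
    for r in needs_attention(recs):
        print(f"CHECK  {r['name']:<32} verdict={r['verdict']!s:<28} {r['path']}")
        print(f"       sha256={r['sha256']}")
```

The SHA-256 is carried through on purpose: for anything the script flags, that hash is what you look up in a reputation service or compare against the vendor's published file, which is more reliable than judging by the file name alone.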
 

#6 fasciola

  • Topic Starter
  • Members
  • 35 posts

Posted 27 March 2014 - 06:04 AM

Hi Marius, 

 

Thank you so much for replying!

 

I have followed your instruction to run scan from TDSSKiller. There was no threat found.

 

Here is the report.

 

18:57:57.0903 0x0814  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43

18:58:06.0954 0x0814  ============================================================
18:58:06.0954 0x0814  Current date / time: 2014/03/27 18:58:06.0954
18:58:06.0954 0x0814  SystemInfo:
18:58:06.0954 0x0814  
18:58:06.0954 0x0814  OS Version: 6.1.7601 ServicePack: 1.0
18:58:06.0954 0x0814  Product type: Workstation
18:58:06.0955 0x0814  ComputerName: JEUNGMINGJUK
18:58:06.0955 0x0814  UserName: You Li
18:58:06.0955 0x0814  Windows directory: C:\Windows
18:58:06.0955 0x0814  System windows directory: C:\Windows
18:58:06.0955 0x0814  Running under WOW64
18:58:06.0955 0x0814  Processor architecture: Intel x64
18:58:06.0955 0x0814  Number of processors: 4
18:58:06.0955 0x0814  Page size: 0x1000
18:58:06.0955 0x0814  Boot type: Normal boot
18:58:06.0955 0x0814  ============================================================
18:58:09.0329 0x0814  KLMD registered as C:\Windows\system32\drivers\47197169.sys
18:58:09.0900 0x0814  System UUID: {9187A594-343D-4BF4-2485-B461858DC9C3}
18:58:11.0326 0x0814  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:58:11.0352 0x0814  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
18:58:11.0654 0x0814  ============================================================
18:58:11.0654 0x0814  \Device\Harddisk0\DR0:
18:58:11.0692 0x0814  MBR partitions:
18:58:11.0692 0x0814  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:58:11.0692 0x0814  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C70800
18:58:11.0692 0x0814  \Device\Harddisk1\DR1:
18:58:11.0738 0x0814  MBR partitions:
18:58:11.0738 0x0814  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
18:58:11.0738 0x0814  ============================================================
18:58:11.0799 0x0814  C: <-> \Device\Harddisk0\DR0\Partition2
18:58:11.0858 0x0814  H: <-> \Device\Harddisk1\DR1\Partition1
18:58:11.0858 0x0814  ============================================================
18:58:11.0858 0x0814  Initialize success
18:58:11.0858 0x0814  ============================================================
18:58:26.0028 0x0798  ============================================================
18:58:26.0028 0x0798  Scan started
18:58:26.0028 0x0798  Mode: Manual; 
18:58:26.0029 0x0798  ============================================================
18:58:26.0029 0x0798  KSN ping started
18:58:49.0453 0x0798  KSN ping finished: true
18:58:53.0446 0x0798  ================ Scan system memory ========================
18:58:53.0446 0x0798  System memory - ok
18:58:53.0447 0x0798  ================ Scan services =============================
18:58:53.0679 0x0798  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:58:53.0913 0x0798  1394ohci - ok
18:58:54.0218 0x0798  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:58:54.0230 0x0798  ACPI - ok
18:58:54.0251 0x0798  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:58:54.0284 0x0798  AcpiPmi - ok
18:58:54.0435 0x0798  [ BF3818B441955E4D438EC72F06F1FE61, 091A80D6A8887B4B5AFF8D12CB5A96AF4A04B125C13BED815B3A776778CD3190 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
18:58:54.0447 0x0798  AdobeActiveFileMonitor11.0 - ok
18:58:54.0532 0x0798  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:58:54.0559 0x0798  AdobeARMservice - ok
18:58:54.0731 0x0798  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:58:54.0790 0x0798  AdobeFlashPlayerUpdateSvc - ok
18:58:54.0859 0x0798  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:58:54.0885 0x0798  adp94xx - ok
18:58:54.0933 0x0798  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:58:55.0010 0x0798  adpahci - ok
18:58:55.0058 0x0798  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:58:55.0076 0x0798  adpu320 - ok
18:58:55.0121 0x0798  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:58:55.0151 0x0798  AeLookupSvc - ok
18:58:55.0206 0x0798  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
18:58:55.0222 0x0798  AFD - ok
18:58:55.0264 0x0798  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:58:55.0277 0x0798  agp440 - ok
18:58:55.0319 0x0798  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:58:55.0330 0x0798  ALG - ok
18:58:55.0369 0x0798  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:58:55.0380 0x0798  aliide - ok
18:58:55.0395 0x0798  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:58:55.0410 0x0798  amdide - ok
18:58:55.0445 0x0798  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:58:55.0486 0x0798  AmdK8 - ok
18:58:55.0511 0x0798  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:58:55.0532 0x0798  AmdPPM - ok
18:58:55.0580 0x0798  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:58:55.0597 0x0798  amdsata - ok
18:58:55.0625 0x0798  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:58:55.0666 0x0798  amdsbs - ok
18:58:55.0709 0x0798  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:58:55.0712 0x0798  amdxata - ok
18:58:55.0760 0x0798  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:58:55.0773 0x0798  AppID - ok
18:58:55.0800 0x0798  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:58:55.0803 0x0798  AppIDSvc - ok
18:58:55.0851 0x0798  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:58:55.0855 0x0798  Appinfo - ok
18:58:55.0951 0x0798  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:58:55.0956 0x0798  Apple Mobile Device - ok
18:58:55.0990 0x0798  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:58:56.0008 0x0798  arc - ok
18:58:56.0042 0x0798  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:58:56.0073 0x0798  arcsas - ok
18:58:56.0243 0x0798  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:58:56.0373 0x0798  aspnet_state - ok
18:58:56.0401 0x0798  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:58:56.0403 0x0798  AsyncMac - ok
18:58:56.0454 0x0798  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:58:56.0458 0x0798  atapi - ok
18:58:56.0582 0x0798  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:58:56.0602 0x0798  AudioEndpointBuilder - ok
18:58:56.0626 0x0798  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:58:56.0642 0x0798  AudioSrv - ok
18:58:56.0884 0x0798  [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
18:58:56.0893 0x0798  AVP - ok
18:58:56.0978 0x0798  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:58:56.0984 0x0798  AxInstSV - ok
18:58:57.0055 0x0798  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:58:57.0075 0x0798  b06bdrv - ok
18:58:57.0156 0x0798  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:59:30.0540 0x0798  MSKSSRV - ok
18:59:30.0563 0x0798  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:59:30.0583 0x0798  MSPCLOCK - ok
18:59:30.0603 0x0798  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:59:30.0614 0x0798  MSPQM - ok
18:59:30.0662 0x0798  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:59:30.0674 0x0798  MsRPC - ok
18:59:30.0703 0x0798  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:59:30.0706 0x0798  mssmbios - ok
18:59:30.0742 0x0798  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:59:30.0753 0x0798  MSTEE - ok
18:59:30.0776 0x0798  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:59:30.0791 0x0798  MTConfig - ok
18:59:30.0825 0x0798  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:59:30.0829 0x0798  Mup - ok
18:59:30.0876 0x0798  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:59:30.0892 0x0798  napagent - ok
18:59:30.0944 0x0798  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:59:30.0955 0x0798  NativeWifiP - ok
18:59:31.0075 0x0798  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
18:59:31.0098 0x0798  NAUpdate - ok
18:59:31.0162 0x0798  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:59:31.0201 0x0798  NDIS - ok
18:59:31.0237 0x0798  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:59:31.0249 0x0798  NdisCap - ok
18:59:31.0270 0x0798  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:59:31.0272 0x0798  NdisTapi - ok
18:59:31.0288 0x0798  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:59:31.0297 0x0798  Ndisuio - ok
18:59:31.0321 0x0798  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:59:31.0327 0x0798  NdisWan - ok
18:59:31.0341 0x0798  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:59:31.0353 0x0798  NDProxy - ok
18:59:31.0378 0x0798  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:59:31.0382 0x0798  NetBIOS - ok
18:59:31.0406 0x0798  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:59:31.0425 0x0798  NetBT - ok
18:59:31.0443 0x0798  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
18:59:31.0445 0x0798  Netlogon - ok
18:59:31.0544 0x0798  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:59:31.0557 0x0798  Netman - ok
18:59:31.0619 0x0798  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:31.0760 0x0798  NetMsmqActivator - ok
18:59:31.0767 0x0798  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:31.0771 0x0798  NetPipeActivator - ok
18:59:31.0812 0x0798  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:59:31.0826 0x0798  netprofm - ok
18:59:31.0852 0x0798  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:31.0856 0x0798  NetTcpActivator - ok
18:59:31.0863 0x0798  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:31.0867 0x0798  NetTcpPortSharing - ok
18:59:31.0910 0x0798  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:59:31.0944 0x0798  nfrd960 - ok
18:59:31.0989 0x0798  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:59:32.0000 0x0798  NlaSvc - ok
18:59:32.0010 0x0798  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:59:32.0013 0x0798  Npfs - ok
18:59:32.0050 0x0798  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:59:32.0053 0x0798  nsi - ok
18:59:32.0079 0x0798  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:59:32.0082 0x0798  nsiproxy - ok
18:59:32.0168 0x0798  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:59:32.0214 0x0798  Ntfs - ok
18:59:32.0234 0x0798  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:59:32.0237 0x0798  Null - ok
18:59:32.0259 0x0798  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:59:32.0276 0x0798  nvraid - ok
18:59:32.0298 0x0798  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:59:32.0331 0x0798  nvstor - ok
18:59:32.0357 0x0798  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:59:32.0374 0x0798  nv_agp - ok
18:59:32.0461 0x0798  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:59:32.0705 0x0798  odserv - ok
18:59:32.0729 0x0798  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:59:32.0743 0x0798  ohci1394 - ok
18:59:32.0807 0x0798  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:59:32.0841 0x0798  ose - ok
18:59:32.0889 0x0798  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:59:32.0900 0x0798  p2pimsvc - ok
18:59:32.0929 0x0798  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:59:32.0944 0x0798  p2psvc - ok
18:59:32.0969 0x0798  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
18:59:32.0987 0x0798  Parport - ok
18:59:33.0014 0x0798  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:59:33.0018 0x0798  partmgr - ok
18:59:33.0046 0x0798  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:59:33.0054 0x0798  PcaSvc - ok
18:59:33.0094 0x0798  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:59:33.0101 0x0798  pci - ok
18:59:33.0129 0x0798  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:59:33.0140 0x0798  pciide - ok
18:59:33.0168 0x0798  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:59:33.0201 0x0798  pcmcia - ok
18:59:33.0253 0x0798  [ 60F19AF0A9A26851AD9BC2D981AFBAC6, C76DD87891E3E30DB2AED057E7B04C19CA264F434C21F68A7A2D9B17A97AFF39 ] PCTCore         C:\Windows\system32\drivers\PCTCore64.sys
18:59:33.0276 0x0798  PCTCore - ok
18:59:33.0322 0x0798  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:59:33.0326 0x0798  pcw - ok
18:59:33.0359 0x0798  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:59:33.0378 0x0798  PEAUTH - ok
18:59:33.0463 0x0798  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:59:33.0479 0x0798  PerfHost - ok
18:59:33.0522 0x0798  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
18:59:33.0525 0x0798  PGEffect - ok
18:59:33.0607 0x0798  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:59:33.0656 0x0798  pla - ok
18:59:33.0706 0x0798  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:59:33.0719 0x0798  PlugPlay - ok
18:59:33.0732 0x0798  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:59:33.0786 0x0798  PNRPAutoReg - ok
18:59:33.0811 0x0798  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:59:33.0820 0x0798  PNRPsvc - ok
18:59:33.0859 0x0798  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:59:33.0874 0x0798  PolicyAgent - ok
18:59:33.0916 0x0798  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:59:33.0923 0x0798  Power - ok
18:59:33.0967 0x0798  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:59:33.0974 0x0798  PptpMiniport - ok
18:59:33.0990 0x0798  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:59:34.0001 0x0798  Processor - ok
18:59:34.0043 0x0798  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:59:34.0050 0x0798  ProfSvc - ok
18:59:34.0066 0x0798  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:59:34.0068 0x0798  ProtectedStorage - ok
18:59:34.0097 0x0798  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:59:34.0104 0x0798  Psched - ok
18:59:34.0159 0x0798  [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
18:59:34.0188 0x0798  PxHlpa64 - ok
18:59:34.0275 0x0798  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:59:34.0335 0x0798  ql2300 - ok
18:59:34.0361 0x0798  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:59:34.0381 0x0798  ql40xx - ok
18:59:34.0422 0x0798  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:59:34.0447 0x0798  QWAVE - ok
18:59:34.0612 0x0798  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:59:34.0647 0x0798  QWAVEdrv - ok
18:59:34.0723 0x0798  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:59:34.0746 0x0798  RasAcd - ok
18:59:34.0806 0x0798  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:59:34.0810 0x0798  RasAgileVpn - ok
18:59:34.0873 0x0798  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:59:34.0889 0x0798  RasAuto - ok
18:59:34.0921 0x0798  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:59:34.0927 0x0798  Rasl2tp - ok
18:59:35.0029 0x0798  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:59:35.0059 0x0798  RasMan - ok
18:59:35.0074 0x0798  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:59:35.0078 0x0798  RasPppoe - ok
18:59:35.0115 0x0798  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:59:35.0119 0x0798  RasSstp - ok
18:59:35.0158 0x0798  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:59:35.0169 0x0798  rdbss - ok
18:59:35.0187 0x0798  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:59:35.0198 0x0798  rdpbus - ok
18:59:35.0219 0x0798  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:59:35.0222 0x0798  RDPCDD - ok
18:59:35.0265 0x0798  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:59:35.0268 0x0798  RDPENCDD - ok
18:59:35.0281 0x0798  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:59:35.0283 0x0798  RDPREFMP - ok
18:59:35.0327 0x0798  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:59:35.0360 0x0798  RDPWD - ok
18:59:35.0394 0x0798  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:59:35.0401 0x0798  rdyboost - ok
18:59:35.0425 0x0798  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:59:35.0430 0x0798  RemoteAccess - ok
18:59:35.0468 0x0798  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:59:35.0486 0x0798  RemoteRegistry - ok
18:59:35.0538 0x0798  [ 6D850FAD4CC9498D1F382B77BA4035CC, 689B8D90BFA404F2ABEF3F7CD098382DAA81A4CF6BF3784C9CC24DAF33F10660 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:59:35.0557 0x0798  RimUsb - ok
18:59:35.0589 0x0798  [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:59:35.0593 0x0798  RimVSerPort - ok
18:59:35.0632 0x0798  [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
18:59:35.0635 0x0798  ROOTMODEM - ok
18:59:35.0657 0x0798  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:59:35.0661 0x0798  RpcEptMapper - ok
18:59:35.0690 0x0798  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:59:35.0694 0x0798  RpcLocator - ok
18:59:35.0729 0x0798  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:59:35.0743 0x0798  RpcSs - ok
18:59:35.0768 0x0798  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:59:35.0772 0x0798  rspndr - ok
18:59:35.0819 0x0798  [ 3CEEE53BBF8BA284FF44585CEC0162FE, 5725A47BE8B7A9116983895FCB82CB2808B7B9C57BC285F3DFD7352E72DBC1FE ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
18:59:35.0841 0x0798  RSUSBSTOR - ok
18:59:35.0854 0x0798  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
18:59:35.0856 0x0798  SamSs - ok
18:59:35.0900 0x0798  [ D641337B75B9A9D5AE10687AA1097755, 1495654D9090FDE04EF8605D1C8A4B0ACA1A50A4E0A992DE2F049CB8413E860C ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
18:59:35.0934 0x0798  Samsung UPD Service - ok
18:59:35.0967 0x0798  sbapifs - ok
18:59:35.0989 0x0798  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:59:36.0004 0x0798  sbp2port - ok
18:59:36.0038 0x0798  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:59:36.0058 0x0798  SCardSvr - ok
18:59:36.0085 0x0798  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:59:36.0095 0x0798  scfilter - ok
18:59:36.0151 0x0798  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:59:36.0185 0x0798  Schedule - ok
18:59:36.0214 0x0798  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:59:36.0217 0x0798  SCPolicySvc - ok
18:59:36.0343 0x0798  [ A1089AC7683826E6C7C9FAB9723DD80F, 8C8E29DA3A53CAC5B4294276DB50D44D7C90209EF40A0CD955D5BE25C0CF9985 ] sdAuxService    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
18:59:36.0355 0x0798  sdAuxService - ok
18:59:36.0425 0x0798  [ 06F95756353653C7D505361117186713, A010E03808FD5ACC92B8181C68509F561563CB53A257CDFD8B7449565B5D4065 ] sdCoreService   C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
18:59:36.0458 0x0798  sdCoreService - ok
18:59:36.0498 0x0798  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:59:36.0517 0x0798  SDRSVC - ok
18:59:36.0550 0x0798  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:59:36.0553 0x0798  secdrv - ok
18:59:36.0577 0x0798  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:59:36.0587 0x0798  seclogon - ok
18:59:36.0607 0x0798  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:59:36.0612 0x0798  SENS - ok
18:59:36.0631 0x0798  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:59:36.0656 0x0798  SensrSvc - ok
18:59:36.0672 0x0798  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:59:36.0683 0x0798  Serenum - ok
18:59:36.0718 0x0798  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
18:59:36.0733 0x0798  Serial - ok
18:59:36.0761 0x0798  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:59:36.0773 0x0798  sermouse - ok
18:59:36.0806 0x0798  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:59:36.0822 0x0798  SessionEnv - ok
18:59:36.0853 0x0798  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:59:36.0864 0x0798  sffdisk - ok
18:59:36.0884 0x0798  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:59:36.0892 0x0798  sffp_mmc - ok
18:59:36.0904 0x0798  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:59:36.0927 0x0798  sffp_sd - ok
18:59:36.0942 0x0798  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:59:36.0952 0x0798  sfloppy - ok
18:59:37.0012 0x0798  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:59:37.0024 0x0798  SharedAccess - ok
18:59:37.0053 0x0798  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:59:37.0066 0x0798  ShellHWDetection - ok
18:59:37.0101 0x0798  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:59:37.0112 0x0798  SiSRaid2 - ok
18:59:37.0129 0x0798  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:59:37.0142 0x0798  SiSRaid4 - ok
18:59:37.0246 0x0798  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:59:37.0253 0x0798  SkypeUpdate - ok
18:59:37.0311 0x0798  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:59:37.0327 0x0798  Smb - ok
18:59:37.0367 0x0798  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:59:37.0371 0x0798  SNMPTRAP - ok
18:59:37.0385 0x0798  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:59:37.0388 0x0798  spldr - ok
18:59:37.0450 0x0798  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:59:37.0469 0x0798  Spooler - ok
18:59:37.0617 0x0798  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:59:37.0751 0x0798  sppsvc - ok
18:59:37.0773 0x0798  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:59:37.0786 0x0798  sppuinotify - ok
18:59:37.0833 0x0798  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:59:37.0847 0x0798  srv - ok
18:59:37.0875 0x0798  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:59:37.0888 0x0798  srv2 - ok
18:59:37.0916 0x0798  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:59:37.0922 0x0798  srvnet - ok
18:59:37.0966 0x0798  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:59:37.0974 0x0798  SSDPSRV - ok
18:59:38.0081 0x0798  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
18:59:38.0083 0x0798  SSPORT - ok
18:59:38.0120 0x0798  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:59:38.0125 0x0798  SstpSvc - ok
18:59:38.0153 0x0798  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:59:38.0174 0x0798  stexstor - ok
18:59:38.0235 0x0798  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:59:38.0255 0x0798  stisvc - ok
18:59:38.0289 0x0798  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:59:38.0291 0x0798  swenum - ok
18:59:38.0338 0x0798  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:59:38.0356 0x0798  swprv - ok
18:59:38.0411 0x0798  [ 470C47DABA9CA3966F0AB3F835D7D135, BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:59:38.0422 0x0798  SynTP - ok
18:59:38.0522 0x0798  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:59:38.0571 0x0798  SysMain - ok
18:59:38.0604 0x0798  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:59:38.0618 0x0798  TabletInputService - ok
18:59:38.0647 0x0798  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:59:38.0671 0x0798  TapiSrv - ok
18:59:38.0725 0x0798  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:59:38.0729 0x0798  TBS - ok
18:59:38.0821 0x0798  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:59:38.0910 0x0798  Tcpip - ok
18:59:38.0988 0x0798  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:59:39.0031 0x0798  TCPIP6 - ok
18:59:39.0071 0x0798  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:59:39.0075 0x0798  tcpipreg - ok
18:59:39.0115 0x0798  tdcmdpst - ok
18:59:39.0142 0x0798  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:59:39.0153 0x0798  TDPIPE - ok
18:59:39.0188 0x0798  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:59:39.0205 0x0798  TDTCP - ok
18:59:39.0231 0x0798  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:59:39.0237 0x0798  tdx - ok
18:59:39.0250 0x0798  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:59:39.0254 0x0798  TermDD - ok
18:59:39.0311 0x0798  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
18:59:39.0340 0x0798  TermService - ok
18:59:39.0360 0x0798  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:59:39.0364 0x0798  Themes - ok
18:59:39.0399 0x0798  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:59:39.0403 0x0798  THREADORDER - ok
18:59:39.0463 0x0798  [ 28644B0523D64EFF2FC7312A2EE74B0A, 09A36DE0B2B90842BD5B8353CC34B7C71C0FBBF6DD5862720FCEE760849C4561 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:59:39.0478 0x0798  TMachInfo - ok
18:59:39.0499 0x0798  [ FE65D33B7D4FF07DD1D29526A48DF810, E595370FD907734BC24263661C58F9AF7BDAEAE3BABED65A6C0EF837E17A7F68 ] TODDSrv         C:\Windows\SysWOW64\TODDSrv.exe
18:59:39.0506 0x0798  TODDSrv - ok
18:59:39.0604 0x0798  [ B578F7E7914E7D9EB161032A613DE3BD, 93D5F6F8896C2380A630C876A545B8E726A74B82D787B7CD6979A36D71C5E80D ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
18:59:39.0612 0x0798  TOSHIBA Bluetooth Service - ok
18:59:39.0643 0x0798  [ 8021F63311797085949FA387F7C83583, 7781994B9F06784807D32FD5A93C5406A441908870B1328BBDA9D15C5DD98C1B ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
18:59:39.0647 0x0798  tosporte - ok
18:59:39.0667 0x0798  [ 1B09357180034639E62CF745E77AC66E, CF8B6FFFB97EE06B3415F0D542C7362CD2B4D9FA8287EC4CE962CC5C4C666B7F ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
18:59:39.0675 0x0798  tosrfbd - ok
18:59:39.0709 0x0798  [ 62512B5277D88600F8BD4B7AEC43569D, 94724FEF7CD61E8E614921C94B24237E7E7E51DA6B9530E953F37E010F94F504 ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
18:59:39.0720 0x0798  tosrfbnp - ok
18:59:39.0745 0x0798  [ C523A9186C39D65CC9ADEBB2E1B93CCD, B04E73CAFFD8100512686F3487D28FE62AC3538F6A71DBC94AA724824256E2E4 ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
18:59:39.0749 0x0798  Tosrfcom - ok
18:59:39.0772 0x0798  [ 11699D47B3491D86249C168496D55C92, BAE7DC248F44BB036641C1E60103F368B7BFE1AAFDCB4BD25FE9A3A970B3A572 ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
18:59:39.0775 0x0798  tosrfec - ok
18:59:39.0789 0x0798  [ 451B8C1815C6CC39650AF916C2A382CD, 562B90A9D15F728D76E274FD165D82AACED54B29910001C8C7DB1E3DE9386E16 ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
18:59:39.0794 0x0798  Tosrfhid - ok
18:59:39.0838 0x0798  [ B6FDC3C76FFE9C5171EEA9C37EA367C2, 4F8D4E2E37164DB91F396B836BD888CF221010103CF3FBECE00B747155819374 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
18:59:39.0848 0x0798  tosrfnds - ok
18:59:39.0864 0x0798  [ E1E045240C1184FA6628F3C7E7FF85D8, ECCC7C3D015D46D36A8BDF463BF274F5FD0A04F391B6576998035FE188CF8853 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
18:59:39.0876 0x0798  TosRfSnd - ok
18:59:39.0893 0x0798  [ DE44A2A2459D0504F146E599F4BD2074, E400F8E0C9D9CC8A523765754634073F531E7B76E8135A734DA976EA86AC5282 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
18:59:39.0902 0x0798  Tosrfusb - ok
18:59:39.0934 0x0798  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:59:39.0940 0x0798  TrkWks - ok
18:59:40.0000 0x0798  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:59:40.0017 0x0798  TrustedInstaller - ok
18:59:40.0055 0x0798  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:59:40.0066 0x0798  tssecsrv - ok
18:59:40.0090 0x0798  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:59:40.0101 0x0798  TsUsbFlt - ok
18:59:40.0134 0x0798  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:59:40.0143 0x0798  TsUsbGD - ok
18:59:40.0180 0x0798  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:59:40.0185 0x0798  tunnel - ok
18:59:40.0237 0x0798  [ 9A744CC3D804EC38A6C2C65BC3C6FCD8, 28CDF1A8614444F4A7249FB7189B423579CA91D1373138CD3E6C048CE6D2799F ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:59:40.0240 0x0798  TVALZ - ok
18:59:40.0268 0x0798  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:59:40.0281 0x0798  uagp35 - ok
18:59:40.0312 0x0798  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:59:40.0340 0x0798  udfs - ok
18:59:40.0375 0x0798  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:59:40.0386 0x0798  UI0Detect - ok
18:59:40.0412 0x0798  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:59:40.0425 0x0798  uliagpkx - ok
18:59:40.0449 0x0798  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:59:40.0452 0x0798  umbus - ok
18:59:40.0471 0x0798  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:59:40.0493 0x0798  UmPass - ok
18:59:40.0642 0x0798  [ AF905F4966CFC8B973623AB150CD4B2B, E1BF0481A584C10AE4A927A01A1E6B76036C18FAF7AB38D9B78641F5808D9888 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:59:40.0705 0x0798  UNS - ok
18:59:40.0747 0x0798  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:59:40.0760 0x0798  upnphost - ok
18:59:40.0827 0x0798  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:59:40.0839 0x0798  USBAAPL64 - ok
18:59:40.0872 0x0798  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:59:40.0877 0x0798  usbccgp - ok
18:59:40.0926 0x0798  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:59:40.0941 0x0798  usbcir - ok
18:59:40.0971 0x0798  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:59:40.0974 0x0798  usbehci - ok
18:59:41.0024 0x0798  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:59:41.0036 0x0798  usbhub - ok
18:59:41.0055 0x0798  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:59:41.0066 0x0798  usbohci - ok
18:59:41.0098 0x0798  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:59:41.0109 0x0798  usbprint - ok
18:59:41.0128 0x0798  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:59:41.0133 0x0798  USBSTOR - ok
18:59:41.0159 0x0798  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:59:41.0170 0x0798  usbuhci - ok
18:59:41.0223 0x0798  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:59:41.0230 0x0798  usbvideo - ok
18:59:41.0262 0x0798  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:59:41.0266 0x0798  UxSms - ok
18:59:41.0277 0x0798  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
18:59:41.0279 0x0798  VaultSvc - ok
18:59:41.0314 0x0798  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:59:41.0317 0x0798  vdrvroot - ok
18:59:41.0373 0x0798  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:59:41.0398 0x0798  vds - ok
18:59:41.0435 0x0798  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:59:41.0447 0x0798  vga - ok
18:59:41.0468 0x0798  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:59:41.0471 0x0798  VgaSave - ok
18:59:41.0490 0x0798  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:59:41.0528 0x0798  vhdmp - ok
18:59:41.0543 0x0798  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:59:41.0553 0x0798  viaide - ok
18:59:41.0615 0x0798  [ F9D116EF357C1026B4F6BF670541426A, FA6F29EB0A6A5788E67EC1EC0B120B0E7E1B3E722AE6A405A8F7907A3A9A9C8E ] vmwvusb         C:\Windows\system32\Drivers\vmwvusb.sys
18:59:41.0619 0x0798  vmwvusb - ok
18:59:41.0646 0x0798  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:59:41.0650 0x0798  volmgr - ok
18:59:41.0676 0x0798  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:59:41.0689 0x0798  volmgrx - ok
18:59:41.0719 0x0798  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:59:41.0756 0x0798  volsnap - ok
18:59:41.0928 0x0798  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:59:41.0978 0x0798  vsmraid - ok
18:59:42.0069 0x0798  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:59:42.0115 0x0798  VSS - ok
18:59:42.0133 0x0798  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:59:42.0136 0x0798  vwifibus - ok
18:59:42.0151 0x0798  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:59:42.0154 0x0798  vwififlt - ok
18:59:42.0176 0x0798  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:59:42.0178 0x0798  vwifimp - ok
18:59:42.0219 0x0798  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:59:42.0232 0x0798  W32Time - ok
18:59:42.0264 0x0798  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:59:42.0275 0x0798  WacomPen - ok
18:59:42.0300 0x0798  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:59:42.0305 0x0798  WANARP - ok
18:59:42.0310 0x0798  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:59:42.0313 0x0798  Wanarpv6 - ok
18:59:42.0381 0x0798  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:59:42.0428 0x0798  WatAdminSvc - ok
18:59:42.0509 0x0798  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:59:42.0560 0x0798  wbengine - ok
18:59:42.0611 0x0798  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:59:42.0647 0x0798  WbioSrvc - ok
18:59:42.0677 0x0798  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:59:42.0705 0x0798  wcncsvc - ok
18:59:42.0720 0x0798  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:59:42.0738 0x0798  WcsPlugInService - ok
18:59:42.0764 0x0798  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:59:42.0768 0x0798  Wd - ok
18:59:42.0831 0x0798  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:59:42.0855 0x0798  Wdf01000 - ok
18:59:42.0895 0x0798  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:59:42.0901 0x0798  WdiServiceHost - ok
18:59:42.0908 0x0798  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:59:42.0912 0x0798  WdiSystemHost - ok
18:59:42.0957 0x0798  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:59:42.0981 0x0798  WebClient - ok
18:59:43.0013 0x0798  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:59:43.0036 0x0798  Wecsvc - ok
18:59:43.0056 0x0798  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:59:43.0061 0x0798  wercplsupport - ok
18:59:43.0103 0x0798  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:59:43.0108 0x0798  WerSvc - ok
18:59:43.0133 0x0798  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:59:43.0136 0x0798  WfpLwf - ok
18:59:43.0174 0x0798  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:59:43.0185 0x0798  WIMMount - ok
18:59:43.0217 0x0798  WinDefend - ok
18:59:43.0233 0x0798  WinHttpAutoProxySvc - ok
18:59:43.0291 0x0798  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:59:43.0302 0x0798  Winmgmt - ok
18:59:43.0400 0x0798  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:59:43.0499 0x0798  WinRM - ok
18:59:43.0567 0x0798  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:59:43.0593 0x0798  WinUsb - ok
18:59:43.0651 0x0798  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:59:43.0678 0x0798  Wlansvc - ok
18:59:43.0772 0x0798  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:59:43.0785 0x0798  wlcrasvc - ok
18:59:43.0899 0x0798  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:59:43.0962 0x0798  wlidsvc - ok
18:59:43.0995 0x0798  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:59:43.0997 0x0798  WmiAcpi - ok
18:59:44.0036 0x0798  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:59:44.0064 0x0798  wmiApSrv - ok
18:59:44.0106 0x0798  WMPNetworkSvc - ok
18:59:44.0129 0x0798  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:59:44.0140 0x0798  WPCSvc - ok
18:59:44.0161 0x0798  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:59:44.0168 0x0798  WPDBusEnum - ok
18:59:44.0191 0x0798  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:59:44.0194 0x0798  ws2ifsl - ok
18:59:44.0219 0x0798  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:59:44.0225 0x0798  wscsvc - ok
18:59:44.0230 0x0798  WSearch - ok
18:59:44.0315 0x0798  [ D50CD7E45963F42F54B045BFB22A41EF, A0E42E5ECFB564AF7386F9A40E41AB951C90B8790D33EAFE3AA14B18E818CEF7 ] wsnm            C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
18:59:44.0330 0x0798  wsnm - ok
18:59:44.0406 0x0798  [ 0872B00981A1D64ABED903023D2D7F26, 992D057889BBAA215BC3402AEFC37B60356C883FB74D14E8DAD11AE7DFE385C3 ] wsnm_usbctrl    C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
18:59:44.0440 0x0798  wsnm_usbctrl - ok
18:59:44.0673 0x0798  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:59:44.0775 0x0798  wuauserv - ok
18:59:44.0823 0x0798  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:59:44.0847 0x0798  WudfPf - ok
18:59:44.0898 0x0798  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:59:44.0918 0x0798  WUDFRd - ok
18:59:44.0936 0x0798  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:59:44.0950 0x0798  wudfsvc - ok
18:59:44.0993 0x0798  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:59:45.0011 0x0798  WwanSvc - ok
18:59:45.0049 0x0798  ================ Scan global ===============================
18:59:45.0070 0x0798  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:59:45.0103 0x0798  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:59:45.0120 0x0798  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:59:45.0151 0x0798  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:59:45.0192 0x0798  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:59:45.0203 0x0798  [ Global ] - ok
18:59:45.0204 0x0798  ================ Scan MBR ==================================
18:59:45.0215 0x0798  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:59:45.0544 0x0798  \Device\Harddisk0\DR0 - ok
18:59:45.0847 0x0798  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
18:59:46.0232 0x0798  \Device\Harddisk1\DR1 - ok
18:59:46.0234 0x0798  ================ Scan VBR ==================================
18:59:46.0247 0x0798  [ 93944129500F4AA74C6DA5E801F207F4 ] \Device\Harddisk0\DR0\Partition1
18:59:46.0248 0x0798  \Device\Harddisk0\DR0\Partition1 - ok
18:59:46.0257 0x0798  [ DEB46CEFEC283415473F5B1BCC235E50 ] \Device\Harddisk0\DR0\Partition2
18:59:46.0258 0x0798  \Device\Harddisk0\DR0\Partition2 - ok
18:59:46.0262 0x0798  [ B0E99C2E67D210461F70AA511F5AFA19 ] \Device\Harddisk1\DR1\Partition1
18:59:46.0371 0x0798  \Device\Harddisk1\DR1\Partition1 - ok
18:59:46.0372 0x0798  Waiting for KSN requests completion. In queue: 301
18:59:47.0372 0x0798  Waiting for KSN requests completion. In queue: 301
18:59:48.0372 0x0798  Waiting for KSN requests completion. In queue: 301
18:59:49.0372 0x0798  Waiting for KSN requests completion. In queue: 301
18:59:50.0372 0x0798  Waiting for KSN requests completion. In queue: 204
18:59:51.0847 0x0798  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
18:59:51.0877 0x0798  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled )
19:00:05.0243 0x0798  ============================================================
19:00:05.0243 0x0798  Scan finished
19:00:05.0243 0x0798  ============================================================
19:00:05.0257 0x114c  Detected object count: 0
19:00:05.0257 0x114c  Actual detected object count: 0
 
Please kindly advise on the next step.


#7 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:05:06 PM

Posted 27 March 2014 - 06:15 AM

Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent and BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep them, please do not use them until your computer is cleaned.

Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

Proud Member of UNITE & TB

#8 fasciola

  • Topic Starter
  • Members
  • 35 posts
  • Local time:12:06 AM

Posted 27 March 2014 - 09:26 AM

Hi Marius,

Thanks for reminding me. I have removed both Torrent programs.

Below is the log file from Combofix.

ComboFix 14-03-24.01 - You Li 03/27/2014  22:01:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1910.717 [GMT 8:00]
Running from: c:\users\You Li\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\You Li\Desktop\Adware-Removal-Tool-v3.8.exe
c:\users\You Li\Documents\~WRL0005.tmp
H:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-27 to 2014-03-27  )))))))))))))))))))))))))))))))
.
.
2014-03-27 14:13 . 2014-03-27 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-26 02:08 . 2014-03-26 02:08 119512 ----a-w- c:\windows\system32\drivers\490D7795.sys
2014-03-26 02:06 . 2014-03-26 02:06 119512 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-03-26 02:05 . 2014-03-26 02:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-26 02:05 . 2014-03-05 01:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-26 02:05 . 2014-03-05 01:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-26 01:25 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3A87F04-EDC9-49C9-9B8F-CB33E9539399}\mpengine.dll
2014-03-25 10:45 . 2010-01-22 01:55 767952 ----a-w- c:\windows\BDTSupport.dll
2014-03-25 10:45 . 2010-01-22 01:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2014-03-25 10:45 . 2010-01-22 01:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2014-03-25 10:45 . 2010-01-22 01:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2014-03-25 10:44 . 2010-02-05 01:18 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2014-03-25 10:44 . 2010-02-05 01:17 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2014-03-25 10:44 . 2010-03-29 02:06 233488 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2014-03-25 10:43 . 2010-04-08 07:06 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2014-03-25 10:43 . 2014-03-25 10:46 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2014-03-25 10:43 . 2014-03-27 10:53 -------- d-----w- c:\program files (x86)\Spyware Doctor
2014-03-25 10:43 . 2014-03-25 10:43 -------- d-----w- c:\users\You Li\AppData\Roaming\PC Tools
2014-03-25 10:43 . 2014-03-25 10:43 -------- d-----w- c:\programdata\PC Tools
2014-03-24 12:10 . 2014-03-24 12:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-24 12:10 . 2014-03-27 10:42 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-24 05:26 . 2013-05-06 01:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2014-03-24 05:24 . 2014-03-24 05:24 -------- d-----w- c:\windows\ELAMBKUP
2014-03-24 05:24 . 2014-03-27 13:01 -------- d-----w- c:\programdata\Kaspersky Lab
2014-03-24 05:24 . 2014-03-24 05:24 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-03-24 05:24 . 2014-03-24 08:47 625248 ----a-w- c:\windows\system32\drivers\klif.sys
2014-03-24 05:24 . 2014-03-24 08:47 115296 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-03-24 03:32 . 2014-03-24 03:32 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-03-22 04:26 . 2014-03-22 05:02 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-03-22 04:15 . 2014-03-22 05:09 -------- d-----w- c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-03-22 03:20 . 2014-03-22 03:20 -------- d-----w- c:\program files (x86)\Enigma Software Group
2014-03-22 03:20 . 2014-03-22 04:13 -------- d-----w- c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-03-22 03:04 . 2014-03-22 03:05 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 02:34 . 2014-03-22 02:34 -------- d-----w- c:\program files\Enigma Software Group
2014-03-22 02:21 . 2014-03-22 02:21 -------- d-----w- c:\programdata\AVAST Software
2014-03-18 03:57 . 2014-03-22 01:13 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2014-03-18 03:56 . 2014-03-22 01:23 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-03-18 03:56 . 2014-03-18 03:56 -------- d-----w- c:\program files\Common Files\Microsoft
2014-03-15 10:11 . 2014-03-15 10:11 -------- d-----w- c:\users\You Li\AppData\Roaming\Skins
2014-03-15 10:01 . 2014-03-15 10:01 -------- d-----w- c:\users\You Li\AppData\Roaming\Ad
2014-03-12 02:56 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 02:56 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 02:56 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 02:56 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 02:52 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 02:52 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 02:51 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 02:51 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 13:56 . 2014-03-11 13:56 -------- d-----w- c:\programdata\ParetoLogic
2014-03-11 13:56 . 2014-03-11 13:56 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2014-03-11 13:56 . 2014-03-11 13:56 -------- d-----w- c:\program files (x86)\ParetoLogic
2014-03-11 13:53 . 2014-03-11 13:53 -------- d-----w- c:\programdata\Cached Installations
2014-03-11 02:06 . 2014-03-11 02:06 -------- d-----w- c:\users\You Li\AppData\Roaming\PowerISO
2014-03-11 01:31 . 2014-03-11 01:31 -------- d-----w- c:\users\You Li\AppData\Local\ElevatedDiagnostics
2014-03-01 05:01 . 2014-03-01 05:01 -------- d-----w- c:\users\You Li\AppData\Local\Skype
2014-03-01 05:00 . 2014-03-01 05:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-26 08:11 . 2014-02-26 08:11 -------- d-----w- c:\windows\Migration
2014-02-26 08:08 . 2014-02-26 08:09 -------- d-----w- C:\4478c055809c36381aedddfafb
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-24 08:47 . 2013-10-11 05:25 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-03-24 08:47 . 2013-06-06 09:38 178272 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-03-24 08:47 . 2013-10-11 05:25 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-03-19 11:43 . 2011-10-12 12:13 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 04:22 . 2012-04-14 02:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 04:22 . 2011-10-13 10:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-05 02:00 222832 ----a-w- c:\users\You Li\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-05 02:00 222832 ----a-w- c:\users\You Li\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-05 02:00 222832 ----a-w- c:\users\You Li\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\You Li\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\You Li\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\You Li\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\users\You Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\You Li\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys;c:\windows\SYSNATIVE\Drivers\vmwvusb.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 78986747
*Deregistered* - 78986747
*Deregistered* - MBAMWebAccessControl
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 04:22]
.
2014-03-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2458691290-4121066166-3127418973-1000Core.job
- c:\users\You Li\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 03:56]
.
2014-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2458691290-4121066166-3127418973-1000UA.job
- c:\users\You Li\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 03:56]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 03:26]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 03:26]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458691290-4121066166-3127418973-1000Core.job
- c:\users\You Li\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 04:13]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458691290-4121066166-3127418973-1000UA.job
- c:\users\You Li\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 04:13]
.
2014-03-26 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-03-24 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 04:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-05 02:00 261744 ----a-w- c:\users\You Li\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-05 02:00 261744 ----a-w- c:\users\You Li\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-05 02:00 261744 ----a-w- c:\users\You Li\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\You Li\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\You Li\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\You Li\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\You Li\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 07:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 07:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 07:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 07:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 07:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 68.168.98.196 8.8.8.8
FF - ProfilePath - c:\users\You Li\AppData\Roaming\Mozilla\Firefox\Profiles\3o4xjyka.default\
FF - ExtSQL: 2014-03-24 16:47; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-03-24 16:48; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-27  22:18:15
ComboFix-quarantined-files.txt  2014-03-27 14:18
.
Pre-Run: 88,771,289,088 bytes free
Post-Run: 87,896,989,696 bytes free
.
- - End Of File - - 0D15DCB5ABE17B305A87F7BC612A0384
A36C5E4F47E84449FF07ED3517B43A31

Edited by fasciola, 27 March 2014 - 09:27 AM.


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:05:06 PM

Posted 27 March 2014 - 10:36 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#10 fasciola

fasciola
  • Topic Starter

  • Members
  • 35 posts
  • Local time:12:06 AM

Posted 27 March 2014 - 11:30 PM

Hi Marius, I really appreciate your fast reply.

Below is the report from MBAM.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/28/2014
Scan Time: 10:10:44 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.03.28.01
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: You Li
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266233
Time Elapsed: 28 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Below is the list of found threats from ESET Online Scanner.
 
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\Local\Conduit\CT2475029\MyAshampooAutoUpdaterHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\Local\Conduit\CT2790392\BitTorrentBarAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\Local\Conduit\CT3072253\uTorrentControl2AutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\Local\Conduit\CT3220468\uTorrentControl_v2AutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\LocalLow\BitTorrentBar\tbBitT.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\LocalLow\uTorrentControl2\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\LocalLow\uTorrentControl_v2\ldrtbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\LocalLow\uTorrentControl_v2\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\crt7CE1.tmp.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\utt6302.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\utt941F.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\uttA233.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\uttE14E.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\Users\You Li\Downloads\fulldvdripper-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\You Li\Downloads\rcsetup143.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\el Memoirs\Setup\SoftonicDownloader_for_zipitfree.exe Win32/SoftonicDownloader.A potentially unwanted application
 


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:05:06 PM

Posted 28 March 2014 - 04:52 AM

C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\crt7CE1.tmp.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\utt6302.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\utt941F.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\uttA233.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\uttE14E.tmp.exe.vir a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\Users\You Li\Downloads\fulldvdripper-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\You Li\Downloads\rcsetup143.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\el Memoirs\Setup\SoftonicDownloader_for_zipitfree.exe Win32/SoftonicDownloader.A potentially unwanted application

These files aren't malware but contain security risks. I would delete them immediately - your choice.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
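
The scanner lines quoted above share one shape (path, optional "a variant of", detection name, category), and the distinction that matters for cleanup is whether a file already sits in a tool's quarantine folder or is still live on disk. As an added example that is not part of this thread or of any tool mentioned in it, the Python script below parses such lines and makes that split, using five lines copied from the log above as constructed sample input; the rule that strips a trailing one- or two-letter variant suffix to group hits by family is an assumption about ESET's naming, not something the thread states.

```python
"""Triage ESET Online Scanner result lines (added example, not code from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One result line: <path> [a variant of ]<platform>/<family>[.<variant>] <category>
# The path may contain spaces ("You Li"), so we anchor on the "<platform>/<family>"
# token instead of splitting on whitespace; the category is the free-text tail.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of )?"
    r"(?P<detection>[A-Za-z0-9]+/[A-Za-z0-9._-]+)\s+"
    r"(?P<category>.+?)\s*$"
)
# Files AdwCleaner or UsbFix already moved aside live under <drive>:\<tool>\Quarantine\.
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\(AdwCleaner|UsbFix)\\Quarantine\\", re.IGNORECASE)
# Assumption: ESET appends a one- or two-letter variant suffix (Toolbar.Conduit.B);
# strip it to group hits by family.
VARIANT_SUFFIX_RE = re.compile(r"\.[A-Z]{1,2}$")


@dataclass
class Finding:
    path: str
    detection: str
    category: str
    variant: bool                  # True when the line says "a variant of"
    quarantined_by: Optional[str]  # tool whose quarantine folder holds the file, else None

    @property
    def family(self) -> str:
        return VARIANT_SUFFIX_RE.sub("", self.detection)


def parse_line(line: str) -> Optional[Finding]:
    """Parse one result line; returns None for blanks, headers or unrecognised text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    q = QUARANTINE_RE.match(m["path"])
    return Finding(
        path=m["path"],
        detection=m["detection"],
        category=m["category"],
        variant=m["variant"] is not None,
        quarantined_by=q.group(1) if q else None,
    )


def triage(log_text: str) -> Tuple[List[Finding], List[Finding]]:
    """Return (live, quarantined): files still on disk versus files already quarantined."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f is not None]
    live = [f for f in findings if f.quarantined_by is None]
    quarantined = [f for f in findings if f.quarantined_by is not None]
    return live, quarantined


def family_counts(findings: List[Finding]) -> Counter:
    """How many hits each detection family produced, variant letters ignored."""
    return Counter(f.family for f in findings)


# Constructed sample input: five lines copied from the scanner output quoted in the thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\You Li\AppData\LocalLow\BitTorrentBar\tbBitT.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\UsbFix\Quarantine\C\Users\YOULI~1\AppData\Local\Temp\crt7CE1.tmp.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\Users\You Li\Downloads\fulldvdripper-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\You Li\Downloads\rcsetup143.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
H:\el Memoirs\Setup\SoftonicDownloader_for_zipitfree.exe Win32/SoftonicDownloader.A potentially unwanted application
"""

if __name__ == "__main__":
    live, quarantined = triage(SAMPLE_LOG)
    print(f"{len(quarantined)} file(s) already in a tool quarantine (empty it with that tool):")
    for f in quarantined:
        print(f"  [{f.quarantined_by}] {f.path}")
    print(f"{len(live)} live file(s) still on disk - these are the ones to delete:")
    for f in live:
        print(f"  [{f.category}] {f.path}")
    print("Hits per detection family:", dict(family_counts(live + quarantined)))
```
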

#12 fasciola

fasciola
  • Topic Starter

  • Members
  • 35 posts
  • Local time:12:06 AM

Posted 28 March 2014 - 10:39 PM

Greetings,

I have removed the files that contain security risks.

Below is the report from AdwCleaner.

# AdwCleaner v3.022 - Report created 29/03/2014 at 10:58:36
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : You Li - JEUNGMINGJUK
# Running from : C:\Users\You Li\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\You Li\AppData\Local\FileTypeAssistant
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\You Li\AppData\Roaming\Mozilla\Firefox\Profiles\3o4xjyka.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\You Li\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [66374 octets] - [27/10/2013 10:18:07]
AdwCleaner[R1].txt - [1013 octets] - [27/10/2013 11:02:55]
AdwCleaner[R2].txt - [1709 octets] - [29/03/2014 10:50:25]
AdwCleaner[S0].txt - [67277 octets] - [27/10/2013 10:20:50]
AdwCleaner[S1].txt - [1074 octets] - [27/10/2013 11:04:50]
AdwCleaner[S2].txt - [1617 octets] - [29/03/2014 10:58:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1677 octets] ##########

Below is the report from JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by You Li on Sat 03/29/2014 at 11:11:06.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\Users\You Li\appdata\local\cre"
 
 
 
~~~ FireFox

Emptied folder: C:\Users\You Li\AppData\Roaming\mozilla\firefox\profiles\3o4xjyka.default\minidumps [45 files]


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/29/2014 at 11:21:00.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is the report from SecurityCheck.


 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spyware Doctor 7.0   
 JavaFX 2.1.0    
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox 24.0 Firefox out of Date!  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 plugin-nm-server.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:05:06 PM

Posted 31 March 2014 - 02:49 AM

Your system is clean now! :)

Java Runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start --> Control Panel --> Add/Remove Programs and remove all older Java versions (if any exist)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the current Firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your Control Panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#14 fasciola

fasciola
  • Topic Starter

  • Members
  • 35 posts
  • Local time:12:06 AM

Posted 31 March 2014 - 03:17 AM

Hi Marius,

Thanks to you, I have seen many dangerous files deleted.

I think my Facebook is clear of the fake Adobe Flash Player update, but I still receive these when I visit YouTube and Instagram. Do you have any idea how to clear this further? :(

The same goes for my iPad browser; the good news is that my Android phone's Instagram is now clear of the fake notification.

For these few days, I did not change any programs except by following your instructions. I only did some document clean-up of photos and MS Word files for my work.

I have not performed any actions from your latest post. Should I follow them first to check whether there is an improvement?



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:05:06 PM

Posted 31 March 2014 - 03:50 AM

Please show a screenshot of the flash player message.

