JJMAC

Maurice I do apologise. I had intended the issue with my Laptop to be sent as a new topic. I don't know how it got tagged on to my previous topic "Help with removal of hidden backdoor(s} left by Trojans is needed to which you replied on 11 December to which the following is my reply thereto. [to dispose of the Laptop issue I can confirm that I have removed all the PUP detections and a new scan confirmed that they were gone] Reply to Maurice Naggar's post dated 11 Dec. 2012 Many thanks Maurice for your reply. Very helpful as always. I have already tried to get information from Dell support without success. I sent an email to dell_direct_support@dell.com on 28 Nov.in which I said that I have the Dell Reinstallation DVD for windows vista home premium and asked "should I have or will I require a Dell DVD which would automatically reformat the hard disk, reinstall drivers and preinstalled programs so as to restore the computer to its original condition when new". I also pointed out that drive D would be wiped when reformatted and asked where could I obtain the files required to restore drive D. I got no reply. When I go on line, select Dell Product Support and enter my Service Tag (CFBRT2J) my Computer is correctly identified including the date it was shipped and the date on which the warranty expired but when I try to log onto Technical Support my Service Tag is not recognised. I did, however, manage to get through to technical support on the telephone. I was asked for my Service Tag, my name, address, telephone number etc. before I was put through to a Technician. I am 84 years of age and my hearing, particularly on the phone, is not good. The technician was a foreign national and I had extreme difficulty following what he was saying and he obviously did not follow what I was asking. I did however gather that he wanted permission to remotely access my computer in order to fix my issue. I repeatedly asked if he would intend to reformat the hard disk and I understood him to say that would not be necessary. After ¾ hour I terminated the call without getting the information I was looking for.. He sent me an email offering to fix my issue (without saying what my issue was) but as my computer was out of warranty there would be a charge of £69 for a single incident. . He has telephoned me twice since then seeking my approval of his offer. There is no way I will agree to any proposal that will not leave me confident that my computer is clean. This is ridiculous. All I am asking for is information on the availability of any software/files required for the clean restoration of the operating system being items in addition to the reinstallation DVD for Windows Vista home premium 32bit which I already have. I am not seeking Dell Technical Support per se. I intend to pursue this further with Dell. Incidentally I think that the Dell reinstallation DVD will probably fully install fresh Windows without needing any files in Recovery Disk D or from an external source. The writing on the label on the disk is shown below: OPERATING SYSTEM ALREADY INSTALLED ON YOUR COMPUTER Reinstallation DVD Windows Vista Home Premium 32BIT The software is already Installed on your computer Support for these products Only use this DVD to reinstall is provided by Dell The operating system on a DELL PC For Distribution Only This DVD is not for reinstallation of With a New Dell PC. Programs or drivers. 　 DELL www.dell.com !! support.dell.com @2007 Dell inc Portions@ 2007 Microsoft Corporation All rights reserved P/N HY484 There is a Help File on the DVD entitled INSTALLATION INSTRUCTIONS These instructions are for Upgrading Windows when you already have a version of Windows on your Computer and you want to keep your File Settings & Program 1. Installing a new version of Windows when you want to replace your current Operating System2. You have an operating System installed on your Computer and you want to install Windows on an available Separate Partition of your Hard Disk You have a Computer with no Operating System installed. It may be possible that the above instructions applied to the original Microsoft Windows Operating System before it was modified by DELL. In which case I will still seek conformation from Dell that their reinstallation DVD will fully install fresh Windows. The DELL FACTORY IMAGE RESTORE UTILITY is in RecoveryD/Tools/PCRestore . I don’t think it was ever hidden. It might be possible to create a restore disk from the factory created partition on the hard drive but I would not attempt to do so if there was any risk of Drive D being infected. If there is no risk or only a very remote risk of Drive D being infected would it be feasible to reformat Drive C only and leave the drive D partition as is.? Will the Diskpart.exe utility be found on the Dell reinstallation DVD. ? I have backed up Document files and Photos. That’s all I intend to Backup and intend to restore only a few if any of these. Do I read your instructions correctly Set the bios to boot from the DVD first. Insert the DVD. Start the computer and let it boot to a command prompt. Install Windows Vista and when asked Where do you want to install Windows screen press SHIFT+F10 to open a command prompt. Click start, click run and type diskpart. Follow instructions to clean the disk and permanently remove all the data and all the partitions. Does this clean up program also reformat the hard disk.? At what stage is the hard disk repartitioned ? Maurice I am afraid I will now have to put this issue once more on the back burner until after Christmas as I am caught up with other things. May I wish you a happy Christmas and thank you for all your help. Regards JJMAC

I have a financial portfolio in an Excel file stored in a USB memory stick which I update weekly on my Laptop. Two days ago I opened my portfolio on my Laptop, and as I normally do, updated the portfolio and then in the usual way tried to save it in the memory stick thus overwriting the (portfolio) file therein, but that did not happen. Instead I got a message to say that the file could not be saved in drive F (the memory stick) but instead it had been saved in a temporary file with an eight character alpha numerical file name. I then opened Drive F where I found the temporary file but the original portfolio file had disappeared. I became concerned that the disappearance of the portfolio file might be caused by a virus so I scanned the computer with the MalwareBytes program. A log of the scan,which detected 103 objects, is appended hereto. I decided not to delete these objects until after I have your advice as to the nature of them and in particular whether they indicate that my portfolio may have been hacked during the short period I had it opened on my laptop. The reason I had my Portfolio stored on a memory stick was to avoid storing sensitive files on my laptop as a safeguard against it being stolen. Thank you JJMAC Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.09.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 John :: JOHN-TOSH [administrator] 10/12/2013 15:20:37 MBAM-log-2013-12-10 (16-00-50).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 238722 Time elapsed: 14 minute(s), 30 second(s) Memory Processes Detected: 3 C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 2756 -> No action taken. C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.Optional.MindSpark) -> 2772 -> No action taken. C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39brmon.exe (PUP.Optional.MindSpark) -> 2944 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 35 HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\MapsGalaxy_39.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\MapsGalaxy_39.SkinLauncher (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\MapsGalaxy_39.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\MapsGalaxy_39.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken. HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken. HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} (PUP.Optional.Bandoo.A) -> No action taken. HKCR\BrowserConnection.Loader.1 (PUP.Optional.Bandoo.A) -> No action taken. HKCR\BrowserConnection.Loader (PUP.Optional.Bandoo.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken. HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> No action taken. HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> No action taken. HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> No action taken. HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> No action taken. HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> No action taken. HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> No action taken. HKCU\SOFTWARE\24x7HELP (PUP.Optional.24x7) -> No action taken. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken. HKLM\SOFTWARE\24x7HELP (PUP.Optional.24x7) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken. HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} (PUP.Optional.Searchqu) -> No action taken. HKCR\TypeLib\{841D5A49-E48D-413c-9C28-EB3D9081D705} (PUP.Optional.Searchqu) -> No action taken. HKCR\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} (PUP.Optional.Searchqu) -> No action taken. HKCR\DnsBHO.BHO.1 (PUP.Optional.Searchqu) -> No action taken. HKCR\DnsBHO.BHO (PUP.Optional.Searchqu) -> No action taken. Registry Values Detected: 7 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data: -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Data: C:\PROGRA~2\SRTOOL~1\Datamngr\DATAMN~1.EXE -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Utility Chest Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UtilityChest_49 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\MAPSGA~2\bar\2.bin\39srchmn.exe" /m=2 /w /h -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\MAPSGA~2\bar\2.bin\39brmon.exe -> No action taken. Registry Data Items Detected: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) Good: () -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) Good: () -> No action taken. Folders Detected: 6 C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\24x7Help (PUP.Optional.24x7.A) -> No action taken. Files Detected: 50 C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39sknlcr.dll (PUP.Optional.FunWebProducts.A) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> No action taken. C:\Users\John\Downloads\MapsSetup (1).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (2).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (3).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (4).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (5).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (6).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (7).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (8).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup (9).exe (PUP.Optional.Inbox) -> No action taken. C:\Users\John\Downloads\MapsSetup.exe (PUP.Optional.Inbox) -> No action taken. C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> No action taken. C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> No action taken. C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> No action taken. C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> No action taken. C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> No action taken. C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe (PUP.Optional.MindSpark) -> No action taken. C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.Optional.MindSpark) -> No action taken. C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39SrchMn.exe (PUP.Optional.MindSpark) -> No action taken. C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39brmon.exe (PUP.Optional.MindSpark) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\sysid.ini (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\uninstall.exe (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\installhelper.dll (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.Searchqu) -> No action taken. C:\Program Files (x86)\24x7Help\24x7desk.64.dll (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\24x7desk.dll (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\App24x7Help.exe (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\App24x7Help.old.exe (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\App24x7Hook.dll (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\App24x7Hook.exe (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\App24x7Hook64.dll (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\App24x7Hook64.exe (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\App24x7Svc.exe (PUP.Optional.24x7.A) -> No action taken. C:\Program Files (x86)\24x7Help\unins000.exe (PUP.Optional.24x7.A) -> No action taken. (end)

Hallo I had not quite finished my post when it took off and was sent prematurely Other queries If the recovery utility installed in drive D restores the computer to its factory condition would that not be equivalent to reformatting the disk. There was no virus on the computer when it left the factory. Would I be correct in thinking that the recovery utility will overwrite all third party programs installed after purchase in addition to personal files and restore only the programs which were preinstalled when new? It would be great if that was the case, Of course if drive D is reformatted the utility will be wiped out. JJMAC

This post is a follow up to a previous topic entitled "Rogue Program Internet Security.ink has been removed but has my personal data been compromised" which I started on 19 April 2012 in "Resolved Highjack this Logs" and in particular to Maurice Nagger's response thereto on 7 May 2012 which described in great detail the steps I need to take to ensure the integrity of my computer. These steps included the reformat of the hard drive. I have put that task on the back burner with the computer meanwhile disconnected from the internet. I am now preparing to grasp the nettle and reformat the hard disk. The hard disk in my Dell Dimension E520 computer has two partitions, Drive C and Drive D. Drive D is labelled "Recovery" and contains a utility labelled "DELL FACTORY IMAGE RESTORE" with a description "This utility will restore your system to the state it was in when it left the factory. In order to return the system to the factory state all personal files will be overwritten" I sought help from a Dell Community Forum. I asked the community for information on the availability of the software or other items I will require to restore the computer to its factory condition after reformatting the hard disk, being items in addition to the Dell Restoration DVD for Windows Vista Home Premium 32 bit which was bundled with the computer when new. I received the following reply from one member of the forum. "If you boot up from live media (such as Windows 7 DVD) and use the repair options to open a command prompt, nyou can run the BOOTREX/FIXMBR and BOOTREC/FIXBOOT commands that will overwrite the Master Boot Record where the Trojans might be activated. Once that's done booting from the hard drive won't activate the Trojans and any rootkit-type cloaking they might use. Afterwards, reinstall Windows and the Trojans should be deactivated. There's nothing magic about Trojans" In my reply I pointed out that his advice differed from that which I had received which that I should reformat the hard disk to remove all hidden back doors left by Trojans. I could be attracted to the following Modus Operandi 1 Boot from Dell reinstallation Disk for Windows Vista Premium 32 bit 2 Run BOOTREX/FIXMBR & BOOTREC/FIXBOOT 3 Reboot from Hard Drive 4 Run a PC Cleaner 5 Reformat the hard drive and reinstall Vista operating system. The problem here is that if drive D is formatted I could not restore it including the recovery utility unless I can download the required files from Dell's web Site. Please advise on above steps including their sequence. I added step 4 after seeing a statement in the promotional literature for a PC Cleaning program claiming that reformatting the HD will not remove hidden files. I don't know if that claim has any substance. Please advise. Other queries 1I have assumed that reformatting the hard drive will include Drive D as well as Drive C. Am I correct?

Dear MrC Thank you for your prompt reply. I have uninstalled inboxToolbar & Searchqu Toolbar. Here are the LOGFILES you requested ADWCLEANER LOGFILE # AdwCleaner v2.011 - Logfile created 12/05/2012 at 17:53:11 # Updated 02/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : John - JOHN-TOSH # Boot Mode : Normal # Running from : C:\Users\John\Downloads\adwcleaner (1).exe # Option [Delete] ***** [services] ***** Stopped & Deleted : 24x7HelpSvc ***** [Files / Folders] ***** File Deleted : C:\Users\John\AppData\Local\Temp\searchqutoolbar-manifest.xml File Deleted : C:\Users\Public\Desktop\24x7 Help.lnk File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Users\Public\Desktop\iLivid.lnk File Deleted : C:\Users\Public\Desktop\RebateGiant.com.url Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Ilivid Folder Deleted : C:\Program Files (x86)\Inbox.com Folder Deleted : C:\Program Files (x86)\RebateInformer Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar Folder Deleted : C:\Program Files (x86)\WiseConvert Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer Folder Deleted : C:\Users\John\AppData\Local\Conduit Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl Folder Deleted : C:\Users\John\AppData\Local\Ilivid Player Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit Folder Deleted : C:\Users\John\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\John\AppData\LocalLow\searchquband Folder Deleted : C:\Users\John\AppData\LocalLow\WiseConvert Folder Deleted : C:\Users\John\AppData\Roaming\24x7 Help ***** [Registry] ***** Key Deleted : HKCU\Software\24x7HELP Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\CToolbar Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\Google\Chrome\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\Software\24x7HELP Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server2 Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo Key Deleted : HKLM\SOFTWARE\Classes\RebateI.Rebate Informer BHO Key Deleted : HKLM\SOFTWARE\Classes\RebateI.RebateInformImageGen Key Deleted : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{438B047C-C041-4D15-98CF-A97C6B366C28} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\CToolbar Key Deleted : HKLM\Software\ilivid Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\Software\WiseConvert Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5569FDC6-10A6-49DC-AEF3-8CB1611EEB5D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB5E3782-13B7-4BE2-A905-6E30A2ADFAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0} Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RebateInformer] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.95 File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.11] : homepage = "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en", Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en" ] Deleted [l.39] : icon_url = "hxxp://search.conduit.com/fav.ico", Deleted [l.42] : keyword = "search.conduit.com", Deleted [l.45] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...] Deleted [l.1228] : homepage = "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en", Deleted [l.1427] : urls_to_restore_on_startup = [ "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en" ] ************************* AdwCleaner[s2].txt - [11404 octets] - [05/12/2012 17:53:11] ########## EOF - C:\AdwCleaner[s2].txt - [11465 octets] ########## 　 Mbar-Log 1st Run Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.12.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 John :: JOHN-TOSH [administrator] 05/12/2012 20:25:03 mbar-log-2012-12-05 (20-25-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 27424 Time elapsed: 25 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\ARTGALRY.CAG (Trojan.Downloader) -> Delete on reboot. [a952d009c39ab97de48010381fe2669a] (end) Mbar Log 2nd Run Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.12.05.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 John :: JOHN-TOSH [administrator] 05/12/2012 21:04:25 mbar-log-2012-12-05 (21-04-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 27308 Time elapsed: 21 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) At the start of the first MBAR scan I received the following message: Registry value "AppInit_Dlls" has been found which may be caused by rootkil activity. Press the "No" if you are not sure. If the tool crashes during a system scan restart and if the message is reoeated click the yes button. I clicked the "no" button at the start of both runs. No crash occurred.

Many thanks for your help. The 2 logs and the report requested follow but may require more than 1 post. In addition to the Trojan removed by Malwarebytes on 2/12/12, Trend Micro (my internet security program) has now reported that on 3/12/12 mbam-setup.exe had been deleted for my protection.. You do not need to do anything else. Affected file:C:\PROGRAMDATA\Malwa... Threat:: TROJ.FAKEAV.BMC. Response: REMOVED Post no. 1 DDS.txt. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1 Run by John at 18:13:05 on 2012-12-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.796 [GMT 0:00] . AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA} SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe C:\Program Files (x86)\24x7Help\App24x7Svc.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files (x86)\RebateInformer\RebateInf.exe C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Inbox Toolbar\Inbox.exe C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\24x7Help\App24x7Help.exe C:\Program Files (x86)\24x7Help\App24x7Hook.exe C:\Program Files (x86)\24x7Help\App24x7Hook64.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\Windows\system32\consent.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned> mURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned> BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned> BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP uRun: [MRC] "C:\Program Files (x86)\PC Tune-Up\PCTuneUp.exe" /MBRSTART mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoResolveTrack = dword:1 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoResolveTrack = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: mcafee.com DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DHCPNameServer = 10.239.24.5 Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll AppInit_DLLs= C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned> x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-5-10 77184] R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-9-23 394392] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-10 275912] R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200] R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-8 9216] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816] R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2012-5-10 67344] R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2012-5-10 210704] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-9 30192] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-5-24 31800] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-8 232992] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-19 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-10 1255736] . =============== Created Last 30 ================ . 2012-11-25 17:28:54 -------- d-----w- C:\Users\John\AppData\Roaming\Quat 2012-11-25 17:28:53 -------- d-----w- C:\Users\John\AppData\Roaming\Xagaf 2012-11-23 19:24:22 -------- d-----w- C:\MyBackup 2012-11-23 18:47:06 -------- d-----w- C:\Program Files (x86)\PC Tune-Up 2012-11-16 00:35:26 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-16 00:35:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-16 00:35:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-16 00:35:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-16 00:23:40 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-16 00:23:40 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-16 00:23:39 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-16 00:23:38 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-16 00:23:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-16 00:23:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-16 00:23:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-15 21:32:09 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-11-15 21:32:09 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-11-15 21:32:09 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-11-15 21:32:09 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-11-15 21:32:03 3149824 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-10 13:56:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-10 13:56:53 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-29 19:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-09-24 22:01:12 107048 ----a-w- C:\Windows\System32\drivers\tmactmon.sys 2012-09-24 22:00:36 77184 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys 2012-09-24 22:00:00 173504 ----a-w- C:\Windows\System32\drivers\tmcomm.sys 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ============= FINISH: 18:14:19.55 =============== ATTACH.TXT DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 09/05/2011 18:27:05 System Uptime: 04/12/2012 16:54:13 (2 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 116 GiB total, 81.745 GiB free. D: is FIXED (NTFS) - 116 GiB total, 109.178 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP89: 10/10/2012 18:35:55 - Windows Update RP90: 10/10/2012 23:49:01 - Windows Update RP91: 01/11/2012 17:13:09 - TITANUIMRES5[0x01001101] RP92: 01/11/2012 17:19:40 - TITANUIMRES5[0x01001101] RP93: 16/11/2012 00:22:37 - Windows Update RP94: 25/11/2012 14:13:32 - Scheduled Checkpoint RP95: 27/11/2012 23:40:52 - Windows Update . ==== Installed Programs ====================== . 24x7 Help Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.5.1 Advertising Center Amazon.co.uk Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atheros Driver Installation Program Bejeweled 2 Deluxe Bing Bar Chuzzle Deluxe Conexant HD Audio Diner Dash 2 Restaurant Rescue eBay FATE Google Chrome Google Desktop Google Toolbar for Internet Explorer Google Update Helper iLivid ImagXpress Inbox Toolbar Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet TV for Windows Media Center Java Auto Updater Java™ 6 Update 25 (64-bit) Java™ 7 Update 5 JavaFX 2.1.1 Jewel Quest II Junk Mail filter update Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Default Manager Microsoft Excel 97 Microsoft Money 2001 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Word 97 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero BackItUp Nero BackItUp and Burn Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero RescueAgent Nero StartSmart Nero StartSmart Help NeroExpress neroxml ParetoLogic FileCure PC Tune-Up Penguins! Photo Service - powered by myphotobook Plants vs. Zombies PlayReady PC Runtime amd64 Polar Bowler Realtek USB 2.0 Card Reader RebateInformer Revo Uninstaller Pro 2.5.8 Searchqu Toolbar Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) SiteRanker Skype Toolbars Skype™ 5.10 Synaptics Pointing Device Driver Toshiba Assist TOSHIBA Bulletin Board TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password Toshiba TEMPRO TOSHIBA Value Added Package Trend Micro Titanium Trend Micro Titanium Internet Security 2012 TRORMCLauncher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) WildTangent Games WildTangent ORB Game Console Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Center Add-in for Silverlight WiseConvert Toolbar Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 02/12/2012 23:36:41, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4. 02/12/2012 23:20:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2. 02/12/2012 22:48:27, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. . ==== End Of File =========================== RogueKiller REPORT RogueKiller V8.3.1 [Dec 2 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : John [Admin rights] Mode : Scan -- Date : 12/04/2012 21:15:23 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [TASK][sUSP PATH] {BC28DFF6-20D5-4B9A-AB50-D0801943B1AC} : C:\Users\John\Desktop\cjrZ500-Z600EN (2).exe -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 　 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9250315AS +++++ --- User --- [MBR] 338565a982b9886267cebc5a507d9731 [bSP] 48aeef1769ddc9929b5900423b368521 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 119001 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244535296 | Size: 119072 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12042012_02d2115.txt >> RKreport[1]_S_12042012_02d2115.txt End of Report. I did not think it would all fit into one Post. JJMAC

Hallo A malwarebyte scan carried out on 2/12/12 found and sucessfully deleted the undernoted Trojan. Can I assume that my Laptop is now clean or is there a risk that a hidden backdoor may have been left.? The Laptop had not been showing any symptoms of infection which was uncovered during a routine scan. I am currently using Trend Micro Titanium internet security 2012. C:\Users\John\AppData\Roaming\Xagaf\noso.exe (Trojan.Zbot) -> Quarantined and deleted successfully. Thank You JJMAC

Maurice I am pleased to inform you that I found inbox toolbar and have succesfully removed it from my computer. I think that you might be right when you suggested that this may also be causing the browser fault. I have closed it down twice, after removing the inbox toolbar,and no error message was received. I will be delighted if that issue has been resolved. Do you want me to run the DDS program again?. Kind Regards JJMAC

Maurice After running DDS I get a message that DDS had created 2 log file 1 dds.txt 2 Attach.txt The logs will appear after you have closed this (TFC) window. However. only the dds.txt log appeared. The Attach.txt log did not appear. The same thing happened when I previously ran DDS (on 19 June.) You asked me to let you know generally how the PC is overall. Generally very good. It boots up in half the time taken by my Dell computer running on Windows Vista home premium (the infected Computer) or in a quarter of the time required by my Gateway computer running on Xppro. Currently the only issue with this computer is its failure to shut down IE 9 properly at the end of a browsing session, error message: A problem has caused Internet Explorer to stop working correctly. Windows will close the program –……….. Not too much of a problem as it normally only occurs when I try to close a web site. DDS LOG DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by John at 13:01:14 on 2012-07-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1217 [GMT 1:00] . AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DhcpNameServer = 10.239.24.5 Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll BHO-X64: Trend Micro NSC BHO - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll BHO-X64: TmBpIeBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll BHO-X64: WiseConvert - No File BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . ============= SERVICES / DRIVERS =============== . R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-10 275912] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 250056] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-9 30192] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512] S3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?] S3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-20 17:16:52 -------- d-----w- C:\_OTL 2012-07-17 19:42:09 -------- d-----w- C:\Program Files (x86)\ESET 2012-07-11 23:16:05 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 14:07:07 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 14:06:56 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-07-11 14:06:56 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll 2012-07-11 14:06:56 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2012-07-11 14:06:56 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2012-07-11 14:06:56 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 14:06:56 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2012-07-11 14:06:56 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-07-11 14:06:56 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 14:06:55 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 14:06:55 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 14:06:55 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 14:06:55 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 14:06:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-07-10 14:45:50 -------- d-sh--w- C:\$RECYCLE.BIN 2012-07-10 13:48:26 98816 ----a-w- C:\Windows\sed.exe 2012-07-10 13:48:26 518144 ----a-w- C:\Windows\SWREG.exe 2012-07-10 13:48:26 256000 ----a-w- C:\Windows\PEV.exe 2012-07-10 13:48:26 208896 ----a-w- C:\Windows\MBR.exe 2012-07-10 12:36:44 -------- d-----w- C:\Windows\pss 2012-07-06 16:27:57 -------- d-----w- C:\Program Files (x86)\Oracle 2012-06-29 13:28:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-29 13:28:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-29 13:28:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-29 13:28:27 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-29 13:28:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-29 13:28:10 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-29 13:28:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-29 13:27:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-29 13:24:28 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-29 13:24:27 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-29 13:24:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-29 13:24:09 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-29 13:24:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-29 13:24:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-29 13:24:09 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-29 13:24:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-29 11:04:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-29 11:03:55 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-29 11:03:33 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-29 11:03:33 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-07-26 21:06:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-26 21:06:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-24 10:18:09 4101392 ----a-w- C:\Windows\uninst.exe 2012-05-10 11:25:46 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat 2012-05-04 18:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 13:03:30.79 =============== Many thanks for your valued assistance. JJMAC

Maurice I can’t explain it but I seem to be going from bad to worse. I ran TFC.exe as administrator. Temp file cleaner by old timer v3.1.9.0 opens Click start. Program runs. System requires a reboot to finish removing files. I click on ok to reboot now. After the system restarts I can’t find the DDS utility. When you say that after the system restarts I have the DDS utility already do you mean that I didn’t have the utility until the system restarts or that the DDS utility was already installed on my computer during some earlier tests. Either way I can’t find DDS or DDS.scr anywhere on my computer. I suspect that the internet explorer malfunction which causes the program to stop working correctly may have something toi do with this issue. JJMAC

Maurice I have gone through this process three times and still come up with the same answer. Here are the steps taken 1 Right click on OTL (3).exe, (the item with the yellow and black motif) and select run as administrator. Click yes to allow OTL(3).exe to make changes to my computer. OTL version 3.2.53.0 opens, 2 go to instructions and high light & copy to clipboard the 6 items grouped vertically within the code box. 3 Return to OTL and paste these 6 items into the Custom Scan Fixes box. They appear as a single line along the top of the box. 4 Right click on internet explorer icon on the task bar and select Close all windows. I get the familiar error message : internet explorer has stopped working. Windows will close the program and notify you if a solution is available. I click on close program. 5 Click on Run Fix. Click OK to reboot. Got a security message asking if I was sure I wanted to run OTL(3).exe. Click on run and almost immediately I got the following: All processes killed Error: Unable to interpret <:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context! OTL by OldTimer - Version 3.2.53.0 log created on 07232012_163512 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Maurice I have been trying to figure out for myself what has gone wrong. When I clicked on runfix it obviously did not run, instead the computer rebooted and I was asked for permission to run OTL(3).exe which I could have withheld but that would not have got me anywhere. When at the start of the process I was asked to right click OTL.exe and select run as administrator I first clicked on start and searched the computer for OTL.EXE. A number of OTLs were listed including OTL(1)(2)(3) & (4). I selected OTL(3) as it was the only one with the black and yellow motif. which I presume was the correct one. I interpreted Copy all the lines in between the code box below to the clipboard to mean highlight the items within the code box and copy them as a group to the clipboard. When pasted into the OTL Custom Scans/Fixes window they appear as a single horizontal line along the top of the Custom Scans/Fixes window. Please let me know what has gone wrong. Thank you JJMAC

Maurice Further to my last post (yesterday evening) I have now rerun the FixLog program having closed all browser windows before clicking the fix log button & it has come up with the same result. FIX LOG All processes killed Error: Unable to interpret <:processeskillallprocesses:filesrecycler /alldrives:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!. OTL by OldTimer - Version 3.2.53.0 log created on 07202012_181652 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Is there still something wrong? I has expected to see a list of the processes killed, a list of files moved on reboot and their new location, & a list of the registry entries deleted. I’m afraid I am still getting the error message, Internet Explorer has stopped working, every time I try to close it. It seldom stops working during as browsing session so it is not too much of a problem. Regards JJMAC

Maurice I am surprised that the RUN FIX log appended below shows less detail than I expected. I think that I followed the instructions accurately with one exception. Internet Explorer is the only open browser on this computer and the only browser window open was that of OTL.exe which I assumed could not be closed without also closing OTL.exe which had not completed at that stage. After clicking on Run Fix I was not presented with a fix complete message or an OK button. The next thing I saw was the Notebook log. I think now that leaving IE open was a mistake. I will have another go at that tomorrow and let you know if I get a different result. I have reinstalled Java and changed the settings as instructed. OTL log All processes killed Error: Unable to interpret <:processeskillallprocesses:filesrecycler /alldrives:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context! OTL by OldTimer - Version 3.2.53.0 log created on 07202012_181652 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Thanks for your help JJ Mac

Maurice I can’t find System Mechanic on my laptop. It is not shown in Program and Features and a search of my laptop reports file not found. It is not a program that I bought and am currently using. The only programs that I bought during the past ten years were XPPro, PC Tune-up and a program that scans the computer to locate and update any out of date drivers found. I have mislaid the installation disk of the latter program. I think it was called driver genius. I purchased this laptop on 11/11/2010. If you can advise me where System Mechanic is located on my laptop I will do my best to locate and delete it. The following is the Eset Scan Log. This laptop continues to run very smoothly. The only problem of note is IE explorer stops working every time you log off. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=00a9739ceb3bb64980c85e3350b3d149 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-17 08:31:40 # local_time=2012-07-17 09:31:40 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 5905196 5905196 0 0 # compatibility_mode=5893 16776574 100 94 34156874 95019349 0 0 # compatibility_mode=8192 67108863 100 0 170 170 0 0 # scanned=137020 # found=0 # cleaned=0 # scan_time=2800 Thanks again for your help.

Maurice I have run the TFC and the Combofix programs and append below the Combofix.txt log. The test procedure ran smoothly. After I re-enabled my antivirus program I got a Trend Micro message to say that affected file C:/users/john/desktop/TFC.exe, threat TROJ_Hidefil. BMC had been deleted for your protection. You do not need to do anything else so feel free to close this message. I presume that Trend Micro has come up with a false positive result and I am quite content to ignore it. You previously informed me that I could run the tests previously carried out on my laptop (the 6 steps) on my other system (my desktop) by copying the tools which had been downloaded on my laptop to my other system. Could I also copy over TFC.exe and Combo-Fix.exe. Does the first paragraph of step3 imply that there may be a restriction on running Combo-fix on more than one computer? These additional tests would not be worth running unless as a result it could be concluded that instead of there might have been a trojan backdoor left to the probability would be unlikely that a back door had been left. If I decide to run these additional tests on my desktop I will open a new Help topic. Would they be worth running? Please advise. COMBOFIX .TXT LOG ComboFix 12-07-10.01 - John 10/07/2012 14:50:12.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1248 [GMT 1:00] Running from: c:\users\John\Desktop\ComboFix.exe AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb c:\windows\SysWow64\rnaph.dll . . ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))) . . 2012-07-10 13:58 . 2012-07-10 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-06 16:27 . 2012-07-06 16:27 -------- d-----w- c:\program files (x86)\Oracle 2012-06-29 21:50 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-29 21:50 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-29 13:28 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-29 13:28 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-29 13:28 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-29 13:28 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-29 13:28 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-29 13:28 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-29 13:28 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-29 13:27 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-29 13:27 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-29 13:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-29 13:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-29 13:24 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-29 13:24 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-29 13:24 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-29 13:24 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-29 13:24 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-29 13:24 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-29 11:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-29 11:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-29 11:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-29 11:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-29 11:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-29 11:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-29 11:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-29 11:03 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-29 11:03 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-23 12:15 . 2012-06-23 12:15 -------- d-----w- C:\ARC 2012-06-21 19:29 . 2012-06-26 21:16 -------- d-----w- c:\program files (x86)\ERUNT 2012-06-12 13:39 . 2012-06-12 13:39 -------- d-----w- c:\users\John\AppData\Roaming\iolo 2012-06-12 13:39 . 2012-06-12 13:39 -------- d-----w- c:\programdata\iolo . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-29 11:02 . 2012-05-09 21:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-29 11:02 . 2011-06-11 14:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-24 10:18 . 2012-05-23 19:06 4101392 ----a-w- c:\windows\uninst.exe 2012-05-12 20:40 . 2012-05-12 20:40 16384 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe 2012-05-10 11:25 . 2012-05-10 11:25 56 ----a-w- c:\windows\system32\SupportTool.exe.bat 2012-05-04 18:29 . 2012-05-12 14:08 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-04 18:29 . 2012-05-12 14:08 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}] 2012-02-20 03:34 342232 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert\prxtbWise.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 257224] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-05-09 30192] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1255736] S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816] S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2011-08-02 67344] S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2011-08-02 210704] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 11:02] . 2012-01-11 c:\windows\Tasks\FileCure Default.job - c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00] . 2012-07-10 c:\windows\Tasks\FileCure Startup.job - c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00] . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 14:25] . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 14:25] . 2012-07-08 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-05-22 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80135&lng=en mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file) AddRemove-Excel - g:\office\Setup\AcmeXl.exe AddRemove-Lexmark Z500-Z600 Series - c:\program files (x86) (x86)\Lexmark Z500-Z600 Series\Install\x64\Uninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-276842375-2578982421-1398554826-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):44,6a,da,36,b1,79,8e,80,95,9a,4e,c3,0e,d9,26,45,64,eb,f4,c0,01, 01,92,81,d1,c0,02,18,94,4f,60,2b,ea,47,f1,b3,90,b5,58,b5,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-276842375-2578982421-1398554826-1001_Classes\Wow6432Node\CLSID\{a4ff78c5-ad40-42e2-90b2-70a0a8a854a8}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000a0 "Therad"=dword:0000001f "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,9c,f5,cb,2c,af,d6,12,76,f2,19,3f,57,1d,c6,30,3f,ca,17,f5,bc,41,f8,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe . ************************************************************************** . Completion time: 2012-07-10 15:36:34 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-10 14:36 . Pre-Run: 92,228,927,488 bytes free Post-Run: 91,461,296,128 bytes free . - - End Of File - - 30C7F2A4245EB89D80AF20CD9BC1A9BD 　

Of course I am still with you. I very much value your help. I hope to run the TFC & Combofix tools tomorrow and you should receive the results shortly.. Computer technology is not a science that I have much knowledge of and , therefore, I try to be very careful to follow instructions correctly. I get the impression that if things go wrong during these tests,say I don't get the expected response to a particular step, I might not be able to recover from that situation. Hopefully no such problems will, arise but it will take me a little longer to carry out the tests. Many thanks for your continuing help, JJMAC

When I clicked on the link to download the TFC by oldtimer program I received the following warning: Dangerous Page. http://oldtimer.geekstogo/Tec.exe Trend Micro (my antivirus program) has confirmed that this web site can transmit malicious software or has been involved in online scams or fraud. A button is preovided which I could click to open the blocked page despite the risk. I was on the point of clicking the button when I began to wonder if it could be possible that someone was masquerading as your goodself and that I should not proceed until I had your assurance that it was safe to do so.. Please may I have that assurance. Thank you.

Maurice I have completed all of the tests comprising Step 6. I tried but was unable to send all of the Logs/reports in a single post. I had to divide the data into smaller portions for transmission in separate posts. You have received Post1 & 2. Portion of the extras.txt log and the checkup.txt are outstanding. Yesterday I was unable to send Posts 3 & 4 because there was no submit button displayed. Maybe I am not allowed to send a reply to myself. I will attempt to include the missing data in this message. Spy Hunter is not listed in Programs and Features and I have never used it. I occasionally google to enquire if such an such a program is malware & SpyHunter might be one such program. If it is on my computer it must be hidden. Io1o. The name means nothing to me . I have not the slightest idea of what it is. System Mechanic. I have never used System Mechanic. Uniblue has been popping up on my desktop for some time seeking permission to go on the internet. I have always refused such permission. I do have a driver genius program which I purchased but I have not used it on this laptop. I don’t know how uniblue got on my hard disk. I have now removed it. I am not in the habit of using registry cleaners or optimisers. The following are two NBAM logs, one in May which shows the 2 infected files and the other is a current log. I am also attaching POST 3 which includes all of the Outstanding test results in step 6. COPY OF MBAM LOG IN MAY WHEN 2 VIRUSES WERE FOUND AND REMOVED Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 John :: JOHN-TOSH [administrator] 16/05/2012 21:16:38 mbam-log-2012-05-16 (21-16-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205665 Time elapsed: 7 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\John\Downloads\PCPerformer_GG.exe.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully. C:\Users\John\Local Settings\Temporary Internet Files\Silverlight.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end) COPY OF MBAM SCAN CARRIED OUT ON 2/7/12 Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.29.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 John :: JOHN-TOSH [administrator] 02/07/2012 15:14:06 mbam-log-2012-07-02 (15-14-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216137 Time elapsed: 13 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) POST 3 (STEP6 RESULTS CONTINUED) [{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications" Inc.® AR81Family Gigabit/Fast Ethernet Driver "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{9168d95f-e754-422e-acde-f2b098122816}" = Nero 9 Essentials "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center "{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "Excel" = Microsoft Excel 97 "Google Desktop" = Google Desktop "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "MSMONEYV50" = Microsoft Money 5.0 "TOSHIBA Game Console" = WildTangent ORB Game Console "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite_Wave3" = Windows Live Essentials "WiseConvert Toolbar" = WiseConvert Toolbar "Word8.0" = Microsoft Word 97 "WT083877" = Chuzzle Deluxe "WT083890" = Zuma Deluxe "WT083910" = Jewel Quest II "WT083916" = Diner Dash 2 Restaurant Rescue "WT083925" = Plants vs. Zombies "WT083929" = Bejeweled 2 Deluxe "WT083945" = FATE "WT083958" = Penguins! "WT083959" = Polar Bowler ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/22/2012 2:21:10 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x063e0260 Faulting process id: 0x6bc Faulting application start time: 0x01cd50a2ffe69f92 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: 09fad75d-bc97-11e1-ba0d-00266c7bf904 Error - 6/23/2012 7:03:32 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x063d0260 Faulting process id: 0xa84 Faulting application start time: 0x01cd512c687ebb3e Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: 1188f940-bd23-11e1-b0fa-00266c7bf904 Error - 6/23/2012 8:06:54 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x071a0260 Faulting process id: 0x618 Faulting application start time: 0x01cd51384bd147d2 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: eba528c1-bd2b-11e1-b0fa-00266c7bf904 Error - 6/23/2012 8:57:22 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033792 Faulting process id: 0xf84 Faulting application start time: 0x01cd5138c795f0cc Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: f8bd131a-bd32-11e1-b0fa-00266c7bf904 Error - 6/23/2012 9:02:25 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x073c0260 Faulting process id: 0x1428 Faulting application start time: 0x01cd513fc135f5cf Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: acf44d93-bd33-11e1-b0fa-00266c7bf904 Error - 6/23/2012 9:32:31 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x03b10260 Faulting process id: 0x13e8 Faulting application start time: 0x01cd51449ee3718d Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: e184b9df-bd37-11e1-b0fa-00266c7bf904 Error - 6/23/2012 9:51:29 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x06600260 Faulting process id: 0x75c Faulting application start time: 0x01cd51450cbf93d2 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: 883cf5fd-bd3a-11e1-b0fa-00266c7bf904 Error - 6/23/2012 2:26:46 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x05d60260 Faulting process id: 0x808 Faulting application start time: 0x01cd516dbd68ae4d Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: fcea2843-bd60-11e1-b0fa-00266c7bf904 Error - 6/23/2012 2:42:18 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x04e10260 Faulting process id: 0xa60 Faulting application start time: 0x01cd516fe4264b36 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: 286ce719-bd63-11e1-b0fa-00266c7bf904 Error - 6/23/2012 5:34:31 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x05e60260 Faulting process id: 0x1448 Faulting application start time: 0x01cd5187e0b53913 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Inbox.dll Report Id: 37900b5e-bd7b-11e1-b0fa-00266c7bf904 [ Media Center Events ] Error - 5/31/2011 3:31:41 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 20:28:49 - Error connecting to the internet. 20:28:49 - Unable to contact server.. Error - 6/21/2011 7:09:00 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 00:09:00 - Error connecting to the internet. 00:09:00 - Unable to contact server.. Error - 6/21/2011 7:09:11 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 00:09:05 - Error connecting to the internet. 00:09:05 - Unable to contact server.. Error - 6/26/2011 7:34:31 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 12:34:26 - Error connecting to the internet. 12:34:26 - Unable to contact server.. Error - 6/26/2011 8:34:44 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 13:34:41 - Error connecting to the internet. 13:34:41 - Unable to contact server.. Error - 6/26/2011 9:34:57 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 14:34:51 - Error connecting to the internet. 14:34:51 - Unable to contact server.. Error - 6/26/2011 10:35:05 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 15:35:03 - Error connecting to the internet. 15:35:03 - Unable to contact server.. Error - 12/6/2011 5:19:14 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 21:19:14 - Error connecting to the internet. 21:19:14 - Unable to contact server.. Error - 12/6/2011 5:19:24 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 21:19:19 - Error connecting to the internet. 21:19:19 - Unable to contact server.. Error - 2/11/2012 2:42:26 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0 Description = 18:42:20 - Error connecting to the internet. 18:42:20 - Unable to contact server.. [ System Events ] Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = DCOM | ID = 10005 Description = Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7000 Description = The Windows Modules Installer service failed to start due to the following error: %%1053 Error - 3/15/2012 9:00:47 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR2. Error - 3/15/2012 9:44:28 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR4. Error - 3/15/2012 9:44:29 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR4. Error - 3/15/2012 9:44:30 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR4. Error - 3/15/2012 5:11:24 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 3/16/2012 12:33:57 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Error - 3/16/2012 6:21:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. < End of report > END OF EXTRAS FILE 　 　 　 　 SECURITY CHECK Screen317 (p41) Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: JavaFX 2.1.0 Java 7 Update 4 Out of date Java installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Toshiba TOSHIBA Online Product Information TOPI.exe Trend Micro AMSP coreServiceShell.exe Trend Micro UniClient UiFrmWrk uiWatchDog.exe Trend Micro AMSP coreFrameworkHost.exe Trend Micro UniClient UiFrmWrk uiSeAgnt.exe Trend Micro Titanium UIFramework uiWinMgr.exe ``````````End of Log```````````` 　 There appear to be an awful lot of faults/errors recorded in Extras.txt. The most common fault that I am aware of occurs when I exit from a web site I get an error message to say that Internet Explorer had stopped working. Not too bad when it happens at the end of a session but sometimes it happens in the middle of a session. The above logs refer only to my Laptop. My desktop computer was more severely infected. Following your advice I notified about a dozen financial institutions (including two banks with whom I have internet accounts) that I could be at risk of identity theft and asked them to put a watch on my account and to notify me of any suspicious activity taking place. Most have provided me with a special password which would have to be quoted before they would process any transactions. There was a period of about 10 days between the first symptoms of the virus and its removal by malwarebytes following which I continued using the computer for a further 3 to4 weeks before I closed it down (stopped connecting to the internet). There was therefore a period of 5 to 6 weeks during which a hacker could have access to my private data. I have so far not received any report of suspicious activity from any quarter. I know that, if private data has been stolen, it could be used at any future date ,perhaps in a years time. Nevertheless I would expect a hacker to attempt to use the data sooner rather than later. I fully intended to reformat the hard disk, reinstall Windows Vista and all the programs and for peace of mind I will probably do that although it is a task I don’t relish. If the risk could be classified as unlikely or better still highly unlikely I would be prepared to take that risk. I would appreciate your advice on the following. If repeated on my Desktop, would the test programs which I have carried out on my Laptop (the 6 steps) give an indication of whether a Trojan had left an open back door. If these tests would be worthwhile, could the program files be downloaded on my laptop, saved to a USB memory stick, and transferred and run/loaded on my desktop.? I would not like to risk connecting my desktop to the internet while installing and running these programs. Thanks for your help. It is much appreciated. JJMAC

POST2 (STEP6 RESULTS CONTINUED) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.) O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/29 12:04:40 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/06/29 12:04:39 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/06/29 12:04:39 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/06/29 12:03:33 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/06/29 12:03:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/06/23 13:15:17 | 000,000,000 | ---D | C] -- C:\ARC [2012/06/21 20:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/06/21 20:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2012/06/17 13:02:20 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\mbam log [2012/06/12 14:39:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\iolo [2012/06/12 14:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/29 21:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/29 21:09:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/29 21:06:20 | 000,741,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/29 21:06:20 | 000,639,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/29 21:06:20 | 000,114,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/29 21:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/29 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2012/06/29 17:22:26 | 000,013,124 | ---- | M] () -- C:\Users\John\Desktop\OTL (2).exe.iltyrrf - Shortcut ().lnk [2012/06/29 17:21:53 | 000,013,124 | ---- | M] () -- C:\Users\John\Desktop\OTL (1).exe.iltyrrf - Shortcut.lnk [2012/06/29 17:07:16 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job [2012/06/29 17:01:23 | 000,002,042 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012/06/29 16:22:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/29 16:22:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/29 16:14:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/29 16:14:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012/06/29 16:14:24 | 1506,783,232 | -HS- | M] () -- C:\hiberfil.sys [2012/06/29 12:02:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/06/29 12:02:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/06/22 15:38:20 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat [2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012/06/02 13:55:21 | 000,000,762 | ---- | M] () -- C:\Users\John\Desktop\moneyextra portfolio - Shortcut (2).lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/29 17:22:26 | 000,013,124 | ---- | C] () -- C:\Users\John\Desktop\OTL (2).exe.iltyrrf - Shortcut ().lnk [2012/06/29 17:21:53 | 000,013,124 | ---- | C] () -- C:\Users\John\Desktop\OTL (1).exe.iltyrrf - Shortcut.lnk [2012/06/22 15:25:35 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat [2012/06/02 13:55:21 | 000,000,762 | ---- | C] () -- C:\Users\John\Desktop\moneyextra portfolio - Shortcut (2).lnk [2012/05/10 12:25:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/12/03 17:52:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll [2011/12/03 17:52:43 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll [2011/12/03 17:52:43 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll [2011/12/03 17:52:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll [2011/12/03 17:52:43 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll [2011/12/03 17:52:42 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll [2011/12/03 17:52:42 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll [2011/12/03 17:52:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll [2011/12/03 17:52:42 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe [2011/12/03 17:52:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll [2011/12/03 17:52:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll [2011/12/03 17:52:41 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll [2011/12/03 17:52:41 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll [2011/12/03 17:52:41 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe [2011/12/03 17:52:41 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll [2011/12/03 17:52:41 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe [2011/12/03 17:52:41 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe [2011/05/09 17:56:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI ========== LOP Check ========== [2012/06/28 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DMCache [2012/06/29 11:56:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IDM [2012/06/12 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iolo [2012/05/23 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Cleaners [2012/05/23 20:07:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCPro [2011/05/10 13:24:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Toshiba [2011/06/06 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Uniblue [2011/09/11 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer [2012/06/29 16:14:44 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012/01/11 14:36:11 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job [2012/06/29 17:07:16 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job [2012/06/29 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job [2011/05/22 18:46:51 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job [2012/04/04 17:45:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > EXTRAS.TXT (p15) OTL Extras logfile created on: 6/29/2012 9:54:14 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.09% Memory free 3.74 Gb Paging File | 2.25 Gb Available in Paging File | 60.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.21 Gb Total Space | 82.61 Gb Free Space | 71.09% Space Free | Partition Type: NTFS Drive D: | 116.28 Gb Total Space | 109.18 Gb Free Space | 93.89% Space Free | Partition Type: NTFS Computer Name: JOHN-TOSH | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{076F53EC-998C-466F-AC90-286BD4A337E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{17064CFB-C1A1-45DB-B218-D583BD5340A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{237E4BEA-7DC7-431F-BA10-86A952651051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{241EDC68-1C89-4DD0-A67D-96C6FAA1E5D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45AF43B4-F860-4EF1-8302-3FB0ECED8C45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{47063998-C868-43E6-B91E-41915922A22F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5C103E45-6C64-4BCE-A87F-84D085FD611E}" = lport=2869 | protocol=6 | dir=in | app=system | "{5CC14CE3-E0FF-4ECD-9F2A-4E9D986186D3}" = lport=138 | protocol=17 | dir=in | app=system | "{5D815881-9EE5-4E8C-98A1-84954857697F}" = lport=445 | protocol=6 | dir=in | app=system | "{6A1B0671-0865-4523-A5A6-CCEB6EB6A790}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6DD60571-CF7C-4A1D-A8DD-846D545338DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{756F1ACD-AC59-4B99-B674-BDC6E644D236}" = lport=137 | protocol=17 | dir=in | app=system | "{7BEC305B-AC84-49BA-B655-8EC5BDEF02FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83953A2D-6079-4A94-BC5C-DCB511A951DC}" = rport=445 | protocol=6 | dir=out | app=system | "{93A9A213-5CA2-4C54-8733-1B6BDCD105D8}" = rport=138 | protocol=17 | dir=out | app=system | "{950CCD33-6D1A-4408-805F-912FB73C4568}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A3CEA036-DFA2-4E43-99B6-0C8538489210}" = lport=2869 | protocol=6 | dir=in | app=system | "{A617E2C5-8002-4D67-BD37-EF49E08FD569}" = lport=139 | protocol=6 | dir=in | app=system | "{ABD48222-5433-469D-AEF9-8D891C175084}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CEF55C4D-6B84-412B-8351-296CA67BFBA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D203FE1A-75DD-4A89-AAC6-4B35EB98FC6E}" = rport=137 | protocol=17 | dir=out | app=system | "{D96D3AD4-5877-40DD-8283-1560FCEB896C}" = rport=10243 | protocol=6 | dir=out | app=system | "{E872DE32-C683-4C83-B6DA-843AF65ED7CE}" = rport=139 | protocol=6 | dir=out | app=system | "{EC9273B3-8CEE-4313-B8D6-9D2C3C2215E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{FAB6C4A9-6051-4E23-8285-E1DD7BF686EC}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{104F0B0C-45EB-4B01-8125-4556F66D3802}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{22383C5D-F7B7-48A6-8540-DA5A20EB8E68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{38034D3E-34C1-45A4-B8E8-FD9CEB51D858}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{388FAB54-35DA-4FA2-AA50-D4AA0CB1F461}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3BB2D16E-1EF6-436C-B175-DC650CB11612}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3D00036E-8559-4C8F-B03C-9124384706DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4497794D-EA5E-4243-A587-03E2C70364AB}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe | "{526095A6-077C-4E60-BC2B-0BD6FF00C4A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5F3919FD-953C-4298-BAE7-2A86B21A63B8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6CA296A0-B20E-4A21-9422-997FD15482F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{793C7B9F-EC17-41F8-A56D-223E1F6E588E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{90120EB9-D0FC-47AC-95A0-F3EF5D06E33E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9873B612-C130-4F64-9DBC-7E0164BC62E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe | "{98F6466C-13A8-4427-91B6-817D7D990646}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7F5E441-5CE0-486C-A2F2-8D65B30220C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{BB6DC2AA-8E0E-4017-9F5C-20D00C3F48CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BF90902D-9CBB-440C-BFFA-191421F9C798}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C071CDD6-8DD3-4B65-92BB-C1159C39D4FA}" = protocol=6 | dir=out | app=system | "{C86E9DB9-1EB2-4280-9B8D-045C6B019C0E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C90DEFC7-8881-4D0E-9440-BDE47EBBBB97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CADC6694-1BDF-4034-B65A-B1011BF2ACB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D72586FC-D178-4890-AAA2-D2A60258F0A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EB4DE7AC-EE6A-4BD4-9D88-754310DAA3E1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{ECE2FCD9-E795-4D47-B24D-B743C20CE390}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F478A558-CC9B-44EE-972F-FDB01198EEC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB4C1C70-3C28-4D56-ADF7-2ECD7C65AF97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FDD17834-6543-479A-8A3D-FDFDE9B0EF15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java 6 Update 25 (64-bit) "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 CONTINUED IN PART2 PART2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012 "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4 "{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO "{

Maurice the log files from step6 tests (OTL.txt,Extras.txt and Security check) are much too large for a single post. I reckon that 4 or more separate posts will be required. This is POST1 OTL.txt (p1) OTL logfile created on: 6/29/2012 9:54:14 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.09% Memory free 3.74 Gb Paging File | 2.25 Gb Available in Paging File | 60.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.21 Gb Total Space | 82.61 Gb Free Space | 71.09% Space Free | Partition Type: NTFS Drive D: | 116.28 Gb Total Space | 109.18 Gb Free Space | 93.89% Space Free | Partition Type: NTFS Computer Name: JOHN-TOSH | User Name: John | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/29 21:52:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL (3).exe PRC - [2012/02/27 14:44:18 | 001,304,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe PRC - [2012/02/10 11:28:06 | 000,425,240 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2011/05/16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe PRC - [2010/03/03 12:47:38 | 004,581,280 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe PRC - [1996/12/09 00:00:00 | 005,317,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE PRC - [1996/12/09 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE PRC - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ========== Modules (No Company Name) ========== MOD - [2012/02/27 14:44:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll MOD - [2012/02/27 14:44:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll MOD - [2011/05/09 22:08:45 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll MOD - [1996/12/09 00:00:00 | 005,317,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE MOD - [1996/12/09 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL MOD - [1996/12/09 00:00:00 | 001,157,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WWINTL32.DLL MOD - [1996/12/09 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE MOD - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE MOD - [1996/12/04 00:00:00 | 000,138,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Proof\MSSP232.DLL MOD - [1996/12/04 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\SysWOW64\DOCOBJ.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/06/29 12:02:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/11 02:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/12/04 03:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/02 21:45:04 | 000,210,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc) DRV:64bit: - [2011/08/02 21:45:04 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2011/08/02 21:45:04 | 000,067,344 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw) DRV:64bit: - [2011/07/12 12:13:40 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2011/07/12 12:13:30 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2011/07/12 12:13:20 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/04 17:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/01/18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3C0BD74D-01B4-4C98-9CA6-0A6110C0497A} IE:64bit: - HKLM\..\SearchScopes\{3C0BD74D-01B4-4C98-9CA6-0A6110C0497A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {4D3C6FF1-71E0-43B4-9124-B8B15F7ABD52} IE - HKLM\..\SearchScopes\{4D3C6FF1-71E0-43B4-9124-B8B15F7ABD52}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com...id=80135&lng=en IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {70D46D94-BF1E-45ED-B567-48701376298E} IE - HKCU\..\SearchScopes\{4620AB18-4D95-44EE-817F-728D358E17B9}: "URL" = http://rover.ebay.co...e={searchTerms} IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://localhost:466...q={searchTerms} IE - HKCU\..\SearchScopes\{73AF4F8A-1535-4D53-BBFE-50EA6E6440AB}: "URL" = http://uk.search.yah...p={SearchTerms} IE - HKCU\..\SearchScopes\{AE073DB1-45B8-4428-9E30-A8376DE899B9}: "URL" = http://www.amazon.co...ed&linkCode=ur2 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80135&lng=en IE - HKCU\..\SearchScopes\{FEAA3532-8439-43C6-97CD-054C5632F2D4}: "URL" = http://search.condui...&ctid=CT3196716 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/10 13:32:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012/03/15 13:59:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/06/29 11:56:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/06/29 11:56:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\John\AppData\Roaming\IDM\idmmzcc5 O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [siteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [MoneyAgent] C:\Program Files (x86)\Microsoft Money\System\Money Express.exe (Microsoft Corporation) O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE () O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE () O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631}: DhcpNameServer = 10.239.24.5 O18:64bit: - Protocol\Handler\inbox - No CLSID value found

Maurice Running through step5 again I found that the randomized name of the GMER program had changed to qh91ngy0 and was stored in my download folder (the default location for downloads on this computer). Run qh91ngy0.exe as administrator. The GMER window opens. Click Rootkill/malware, unclick registry (all items are unclicked except Services,Files & ADS) then click Scan. The scan took 20 minutes to complete. When completed a message appeared to say GMER hasn’t found any system modification. There doesn’t appear to be any Gmer log produced to copy & save in the ARC folder. Is the above a positive result or does it suggest a fault in the test procedure has occurred?. I think that I have followed the test procedure accurately. Please advise

Many thanks Maurice for your further help. The following are the aswMBA report & the TDSSKiller log. I request a little help with steps 5&6. Please. In step5 where I am instructed to go Here and click the Download exe button & save the file to ARK folder. When I click on Here a new window opens entitled View Downloads-Windows -Internet Explorer . I don’t see a Download exe button. Three files with a run button, ug8ig8q2.exe, tdsskiller.exe & aswMBR.exe are listed therein in addition to OTL.exe which had two buttons, one for run and one for save. I clicked on the save button and got a warning message to say that this program is not commonly downloaded and could harm your computer. Not knowing precisely what I was about I decided to proceed no further until I received clarification of the proceedure. I may also have a problem with step6. When I click on the OTL.exe link the view downloads box as in step5 reopens. Is that the correct response?. Where will I find the Windows7 icon.? I am sorry if I am asking stupid questions but at 82+ I am not as sharp as I once was. Thanks in anticipation, JJMAC AswMBR Report aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-22 15:20:16 ----------------------------- 15:20:16.607 OS Version: Windows x64 6.1.7601 Service Pack 1 15:20:16.607 Number of processors: 1 586 0x170A 15:20:16.607 ComputerName: JOHN-TOSH UserName: John 15:20:20.289 Initialize success 15:20:29.196 AVAST engine defs: 12062101 15:21:38.788 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 15:21:38.788 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3 15:21:38.803 Disk 0 MBR read successfully 15:21:38.803 Disk 0 MBR scan 15:21:38.819 Disk 0 Windows 7 default MBR code 15:21:38.835 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048 15:21:38.850 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119001 MB offset 821248 15:21:38.881 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119072 MB offset 244535296 15:21:38.944 Disk 0 scanning C:\Windows\system32\drivers 15:22:03.077 Service scanning 15:22:36.929 Modules scanning 15:22:36.929 Scan finished successfully 15:25:35.783 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat" 15:25:35.799 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt" Note: On completion of the scan the fix button was not enabled. TDSSKiller log 19:22:08.0939 1584 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 19:22:09.0500 1584 ============================================================ 19:22:09.0500 1584 Current date / time: 2012/06/22 19:22:09.0500 19:22:09.0500 1584 SystemInfo: 19:22:09.0500 1584 19:22:09.0500 1584 OS Version: 6.1.7601 ServicePack: 1.0 19:22:09.0500 1584 Product type: Workstation 19:22:09.0500 1584 ComputerName: JOHN-TOSH 19:22:09.0500 1584 UserName: John 19:22:09.0500 1584 Windows directory: C:\Windows 19:22:09.0500 1584 System windows directory: C:\Windows 19:22:09.0500 1584 Running under WOW64 19:22:09.0500 1584 Processor architecture: Intel x64 19:22:09.0500 1584 Number of processors: 1 19:22:09.0500 1584 Page size: 0x1000 19:22:09.0500 1584 Boot type: Normal boot 19:22:09.0500 1584 ============================================================ 19:22:09.0968 1584 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:22:09.0968 1584 ============================================================ 19:22:09.0968 1584 \Device\Harddisk0\DR0: 19:22:09.0968 1584 MBR partitions: 19:22:09.0968 1584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0xE86C800 19:22:09.0968 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE935000, BlocksNum 0xE890170 19:22:09.0968 1584 ============================================================ 19:22:10.0000 1584 C: <-> \Device\Harddisk0\DR0\Partition0 19:22:10.0046 1584 D: <-> \Device\Harddisk0\DR0\Partition1 19:22:10.0046 1584 ============================================================ 19:22:10.0046 1584 Initialize success 19:22:10.0046 1584 ============================================================ 19:23:16.0300 3524 ============================================================ 19:23:16.0300 3524 Scan started 19:23:16.0300 3524 Mode: Manual; SigCheck; TDLFS; 19:23:16.0300 3524 ============================================================ 19:23:17.0548 3524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 19:23:17.0641 3524 1394ohci - ok 19:23:17.0719 3524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 19:23:17.0750 3524 ACPI - ok 19:23:17.0813 3524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 19:23:17.0844 3524 AcpiPmi - ok 19:23:18.0000 3524 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:23:18.0016 3524 AdobeFlashPlayerUpdateSvc - ok 19:23:18.0094 3524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 19:23:18.0140 3524 adp94xx - ok 19:23:18.0203 3524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 19:23:18.0234 3524 adpahci - ok 19:23:18.0265 3524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 19:23:18.0281 3524 adpu320 - ok 19:23:18.0343 3524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 19:23:18.0390 3524 AeLookupSvc - ok 19:23:18.0452 3524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 19:23:18.0499 3524 AFD - ok 19:23:18.0546 3524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 19:23:18.0562 3524 agp440 - ok 19:23:18.0624 3524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 19:23:18.0640 3524 ALG - ok 19:23:18.0702 3524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 19:23:18.0718 3524 aliide - ok 19:23:18.0749 3524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 19:23:18.0780 3524 amdide - ok 19:23:18.0811 3524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 19:23:18.0842 3524 AmdK8 - ok 19:23:18.0858 3524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 19:23:18.0889 3524 AmdPPM - ok 19:23:18.0952 3524 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 19:23:18.0983 3524 amdsata - ok 19:23:19.0014 3524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 19:23:19.0030 3524 amdsbs - ok 19:23:19.0092 3524 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 19:23:19.0108 3524 amdxata - ok 19:23:19.0295 3524 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 19:23:19.0342 3524 Amsp - ok 19:23:19.0388 3524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 19:23:19.0451 3524 AppID - ok 19:23:19.0498 3524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 19:23:19.0544 3524 AppIDSvc - ok 19:23:19.0622 3524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 19:23:19.0669 3524 Appinfo - ok 19:23:19.0716 3524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 19:23:19.0732 3524 arc - ok 19:23:19.0747 3524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 19:23:19.0778 3524 arcsas - ok 19:23:19.0810 3524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 19:23:19.0856 3524 AsyncMac - ok 19:23:19.0903 3524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 19:23:19.0919 3524 atapi - ok 19:23:20.0028 3524 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys 19:23:20.0075 3524 athr - ok 19:23:20.0215 3524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 19:23:20.0309 3524 AudioEndpointBuilder - ok 19:23:20.0324 3524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 19:23:20.0387 3524 AudioSrv - ok 19:23:20.0465 3524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 19:23:20.0496 3524 AxInstSV - ok 19:23:20.0574 3524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 19:23:20.0621 3524 b06bdrv - ok 19:23:20.0683 3524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 19:23:20.0714 3524 b57nd60a - ok 19:23:21.0136 3524 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 19:23:21.0182 3524 BBSvc - ok 19:23:21.0276 3524 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 19:23:21.0292 3524 BBUpdate - ok 19:23:21.0370 3524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 19:23:21.0401 3524 BDESVC - ok 19:23:21.0463 3524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 19:23:21.0510 3524 Beep - ok 19:23:21.0588 3524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 19:23:21.0650 3524 BFE - ok 19:23:21.0822 3524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 19:23:21.0900 3524 BITS - ok 19:23:21.0947 3524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 19:23:21.0978 3524 blbdrive - ok 19:23:22.0025 3524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 19:23:22.0056 3524 bowser - ok 19:23:22.0087 3524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:23:22.0118 3524 BrFiltLo - ok 19:23:22.0118 3524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:23:22.0150 3524 BrFiltUp - ok 19:23:22.0181 3524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 19:23:22.0228 3524 Browser - ok 19:23:22.0399 3524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:23:22.0446 3524 Brserid - ok 19:23:22.0462 3524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:23:22.0493 3524 BrSerWdm - ok 19:23:22.0508 3524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:23:22.0540 3524 BrUsbMdm - ok 19:23:22.0555 3524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:23:22.0571 3524 BrUsbSer - ok 19:23:22.0586 3524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 19:23:22.0618 3524 BTHMODEM - ok 19:23:22.0680 3524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 19:23:22.0727 3524 bthserv - ok 19:23:22.0836 3524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:23:22.0883 3524 cdfs - ok 19:23:22.0945 3524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 19:23:22.0976 3524 cdrom - ok 19:23:23.0023 3524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:23:23.0070 3524 CertPropSvc - ok 19:23:23.0195 3524 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe 19:23:23.0226 3524 cfWiMAXService - ok 19:23:23.0257 3524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:23:23.0288 3524 circlass - ok 19:23:23.0351 3524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 19:23:23.0366 3524 CLFS - ok 19:23:23.0429 3524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:23:23.0444 3524 clr_optimization_v2.0.50727_32 - ok 19:23:23.0491 3524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:23:23.0522 3524 clr_optimization_v2.0.50727_64 - ok 19:23:23.0632 3524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:23:23.0647 3524 clr_optimization_v4.0.30319_32 - ok 19:23:23.0678 3524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:23:23.0694 3524 clr_optimization_v4.0.30319_64 - ok 19:23:23.0725 3524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:23:23.0756 3524 CmBatt - ok 19:23:23.0788 3524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 19:23:23.0803 3524 cmdide - ok 19:23:23.0866 3524 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 19:23:23.0912 3524 CNG - ok 19:23:23.0990 3524 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys 19:23:24.0037 3524 CnxtHdAudService - ok 19:23:24.0068 3524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 19:23:24.0084 3524 Compbatt - ok 19:23:24.0146 3524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 19:23:24.0178 3524 CompositeBus - ok 19:23:24.0209 3524 COMSysApp - ok 19:23:24.0287 3524 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe 19:23:24.0302 3524 ConfigFree Service - ok 19:23:24.0349 3524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:23:24.0365 3524 crcdisk - ok 19:23:24.0427 3524 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 19:23:24.0458 3524 CryptSvc - ok 19:23:24.0536 3524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 19:23:24.0583 3524 DcomLaunch - ok 19:23:24.0958 3524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 19:23:25.0020 3524 defragsvc - ok 19:23:25.0067 3524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 19:23:25.0114 3524 DfsC - ok 19:23:25.0176 3524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 19:23:25.0223 3524 Dhcp - ok 19:23:25.0285 3524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:23:25.0332 3524 discache - ok 19:23:25.0379 3524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:23:25.0394 3524 Disk - ok 19:23:25.0457 3524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 19:23:25.0472 3524 Dnscache - ok 19:23:25.0550 3524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 19:23:25.0597 3524 dot3svc - ok 19:23:25.0691 3524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 19:23:25.0738 3524 DPS - ok 19:23:25.0800 3524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:23:25.0831 3524 drmkaud - ok 19:23:25.0909 3524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 19:23:25.0956 3524 DXGKrnl - ok 19:23:26.0003 3524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 19:23:26.0065 3524 EapHost - ok 19:23:26.0221 3524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:23:26.0346 3524 ebdrv - ok 19:23:26.0471 3524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 19:23:26.0502 3524 EFS - ok 19:23:26.0596 3524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 19:23:26.0642 3524 ehRecvr - ok 19:23:26.0674 3524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 19:23:26.0705 3524 ehSched - ok 19:23:26.0767 3524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:23:26.0814 3524 elxstor - ok 19:23:26.0845 3524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 19:23:26.0876 3524 ErrDev - ok 19:23:26.0986 3524 esgiguard - ok 19:23:27.0282 3524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 19:23:27.0344 3524 EventSystem - ok 19:23:27.0391 3524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:23:27.0438 3524 exfat - ok 19:23:27.0469 3524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:23:27.0516 3524 fastfat - ok 19:23:27.0610 3524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 19:23:27.0656 3524 Fax - ok 19:23:27.0672 3524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:23:27.0703 3524 fdc - ok 19:23:27.0750 3524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 19:23:27.0812 3524 fdPHost - ok 19:23:27.0828 3524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 19:23:27.0875 3524 FDResPub - ok 19:23:27.0906 3524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:23:27.0922 3524 FileInfo - ok 19:23:27.0953 3524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 19:23:28.0000 3524 Filetrace - ok 19:23:28.0031 3524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:23:28.0078 3524 flpydisk - ok 19:23:28.0140 3524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 19:23:28.0171 3524 FltMgr - ok 19:23:28.0280 3524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 19:23:28.0312 3524 FontCache - ok 19:23:28.0405 3524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:23:28.0421 3524 FontCache3.0.0.0 - ok 19:23:28.0468 3524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:23:28.0483 3524 FsDepends - ok 19:23:28.0514 3524 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 19:23:28.0530 3524 Fs_Rec - ok 19:23:28.0592 3524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:23:28.0624 3524 fvevol - ok 19:23:28.0686 3524 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys 19:23:28.0702 3524 FwLnk - ok 19:23:28.0795 3524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:23:28.0811 3524 gagp30kx - ok 19:23:28.0904 3524 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe 19:23:28.0936 3524 GameConsoleService - ok 19:23:29.0029 3524 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe 19:23:29.0045 3524 GoogleDesktopManager-051210-111108 - ok 19:23:29.0138 3524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 19:23:29.0185 3524 gpsvc - ok 19:23:29.0294 3524 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:23:29.0310 3524 gupdate - ok 19:23:29.0341 3524 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:23:29.0357 3524 gupdatem - ok 19:23:29.0404 3524 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:23:29.0419 3524 gusvc - ok 19:23:29.0513 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:23:29.0544 3524 hcw85cir - ok 19:23:29.0622 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 19:23:29.0653 3524 HdAudAddService - ok 19:23:29.0700 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 19:23:29.0731 3524 HDAudBus - ok 19:23:29.0778 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:23:29.0794 3524 HidBatt - ok 19:23:29.0809 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 19:23:29.0840 3524 HidBth - ok 19:23:29.0856 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:23:29.0872 3524 HidIr - ok 19:23:29.0918 3524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 19:23:29.0965 3524 hidserv - ok 19:23:30.0028 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 19:23:30.0043 3524 HidUsb - ok 19:23:30.0090 3524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 19:23:30.0137 3524 hkmsvc - ok 19:23:30.0184 3524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 19:23:30.0215 3524 HomeGroupListener - ok 19:23:30.0262 3524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 19:23:30.0277 3524 HomeGroupProvider - ok 19:23:30.0340 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 19:23:30.0355 3524 HpSAMD - ok 19:23:30.0418 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 19:23:30.0480 3524 HTTP - ok 19:23:30.0511 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 19:23:30.0527 3524 hwpolicy - ok 19:23:30.0558 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 19:23:30.0574 3524 i8042prt - ok 19:23:30.0636 3524 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys 19:23:30.0652 3524 iaStor - ok 19:23:30.0730 3524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 19:23:30.0745 3524 iaStorV - ok 19:23:30.0886 3524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:23:30.0901 3524 idsvc - ok 19:23:31.0369 3524 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys 19:23:31.0541 3524 igfx - ok 19:23:31.0650 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:23:31.0666 3524 iirsp - ok 19:23:31.0744 3524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 19:23:31.0806 3524 IKEEXT - ok 19:23:31.0853 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 19:23:31.0868 3524 intelide - ok 19:23:31.0915 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:23:31.0946 3524 intelppm - ok 19:23:32.0024 3524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 19:23:32.0087 3524 IPBusEnum - ok 19:23:32.0274 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:23:32.0321 3524 IpFilterDriver - ok 19:23:32.0648 3524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 19:23:32.0711 3524 iphlpsvc - ok 19:23:32.0820 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 19:23:32.0851 3524 IPMIDRV - ok 19:23:33.0007 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:23:33.0054 3524 IPNAT - ok 19:23:33.0101 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:23:33.0132 3524 IRENUM - ok 19:23:33.0163 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 19:23:33.0179 3524 isapnp - ok 19:23:33.0241 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 19:23:33.0257 3524 iScsiPrt - ok 19:23:33.0304 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 19:23:33.0319 3524 kbdclass - ok 19:23:33.0350 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 19:23:33.0382 3524 kbdhid - ok 19:23:33.0428 3524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:33.0460 3524 KeyIso - ok 19:23:33.0491 3524 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 19:23:33.0522 3524 KSecDD - ok 19:23:33.0569 3524 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 19:23:33.0584 3524 KSecPkg - ok 19:23:33.0631 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:23:33.0694 3524 ksthunk - ok 19:23:33.0756 3524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 19:23:33.0803 3524 KtmRm - ok 19:23:33.0850 3524 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys 19:23:33.0865 3524 L1C - ok 19:23:33.0928 3524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 19:23:33.0974 3524 LanmanServer - ok 19:23:34.0021 3524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 19:23:34.0068 3524 LanmanWorkstation - ok 19:23:34.0099 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:23:34.0146 3524 lltdio - ok 19:23:34.0193 3524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 19:23:34.0240 3524 lltdsvc - ok 19:23:34.0255 3524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 19:23:34.0318 3524 lmhosts - ok 19:23:34.0364 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:23:34.0380 3524 LSI_FC - ok 19:23:34.0396 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:23:34.0427 3524 LSI_SAS - ok 19:23:34.0442 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:23:34.0458 3524 LSI_SAS2 - ok 19:23:34.0489 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:23:34.0505 3524 LSI_SCSI - ok 19:23:34.0645 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:23:34.0708 3524 luafv - ok 19:23:34.0879 3524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 19:23:34.0910 3524 Mcx2Svc - ok 19:23:34.0957 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:23:34.0988 3524 megasas - ok 19:23:35.0082 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:23:35.0098 3524 MegaSR - ok 19:23:35.0144 3524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:23:35.0191 3524 MMCSS - ok 19:23:35.0222 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:23:35.0285 3524 Modem - ok 19:23:35.0300 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:23:35.0332 3524 monitor - ok 19:23:35.0378 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 19:23:35.0394 3524 mouclass - ok 19:23:35.0425 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:23:35.0441 3524 mouhid - ok 19:23:35.0488 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 19:23:35.0503 3524 mountmgr - ok 19:23:35.0550 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 19:23:35.0566 3524 mpio - ok 19:23:35.0597 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:23:35.0644 3524 mpsdrv - ok 19:23:35.0722 3524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 19:23:35.0784 3524 MpsSvc - ok 19:23:35.0815 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 19:23:35.0846 3524 MRxDAV - ok 19:23:35.0893 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:23:35.0924 3524 mrxsmb - ok 19:23:35.0971 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:23:36.0002 3524 mrxsmb10 - ok 19:23:36.0034 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:23:36.0065 3524 mrxsmb20 - ok 19:23:36.0112 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 19:23:36.0127 3524 msahci - ok 19:23:36.0174 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 19:23:36.0190 3524 msdsm - ok 19:23:36.0221 3524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 19:23:36.0252 3524 MSDTC - ok 19:23:36.0299 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:23:36.0361 3524 Msfs - ok 19:23:36.0392 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:23:36.0439 3524 mshidkmdf - ok 19:23:36.0470 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 19:23:36.0486 3524 msisadrv - ok 19:23:36.0533 3524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 19:23:36.0580 3524 MSiSCSI - ok 19:23:36.0595 3524 MSIServer - ok 19:23:36.0626 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:23:36.0673 3524 MSKSSRV - ok 19:23:36.0689 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:23:36.0751 3524 MSPCLOCK - ok 19:23:36.0751 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:23:36.0814 3524 MSPQM - ok 19:23:37.0110 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 19:23:37.0126 3524 MsRPC - ok 19:23:37.0219 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 19:23:37.0235 3524 mssmbios - ok 19:23:37.0282 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:23:37.0328 3524 MSTEE - ok 19:23:37.0344 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:23:37.0360 3524 MTConfig - ok 19:23:37.0422 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:23:37.0453 3524 Mup - ok 19:23:37.0796 3524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 19:23:37.0859 3524 napagent - ok 19:23:37.0906 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:23:37.0937 3524 NativeWifiP - ok 19:23:38.0093 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 19:23:38.0124 3524 NDIS - ok 19:23:38.0171 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:23:38.0202 3524 NdisCap - ok 19:23:38.0249 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:23:38.0280 3524 NdisTapi - ok 19:23:38.0327 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 19:23:38.0374 3524 Ndisuio - ok 19:23:38.0420 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 19:23:38.0467 3524 NdisWan - ok 19:23:38.0498 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 19:23:38.0545 3524 NDProxy - ok 19:23:38.0670 3524 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 19:23:38.0701 3524 Nero BackItUp Scheduler 4.0 - ok 19:23:38.0748 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:23:38.0795 3524 NetBIOS - ok 19:23:38.0842 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 19:23:38.0888 3524 NetBT - ok 19:23:38.0935 3524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:38.0951 3524 Netlogon - ok 19:23:39.0013 3524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 19:23:39.0076 3524 Netman - ok 19:23:39.0107 3524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 19:23:39.0169 3524 netprofm - ok 19:23:39.0263 3524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:23:39.0294 3524 NetTcpPortSharing - ok 19:23:39.0325 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:23:39.0341 3524 nfrd960 - ok 19:23:39.0403 3524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 19:23:39.0466 3524 NlaSvc - ok 19:23:39.0544 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:23:39.0606 3524 Npfs - ok 19:23:39.0653 3524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 19:23:39.0715 3524 nsi - ok 19:23:39.0731 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:23:39.0793 3524 nsiproxy - ok 19:23:40.0433 3524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 19:23:40.0480 3524 Ntfs - ok 19:23:40.0604 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:23:40.0651 3524 Null - ok 19:23:40.0714 3524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 19:23:40.0729 3524 nvraid - ok 19:23:40.0760 3524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 19:23:40.0776 3524 nvstor - ok 19:23:40.0823 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 19:23:40.0838 3524 nv_agp - ok 19:23:40.0870 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 19:23:40.0901 3524 ohci1394 - ok 19:23:40.0948 3524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 19:23:40.0963 3524 p2pimsvc - ok 19:23:41.0026 3524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 19:23:41.0057 3524 p2psvc - ok 19:23:41.0088 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:23:41.0119 3524 Parport - ok 19:23:41.0166 3524 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 19:23:41.0182 3524 partmgr - ok 19:23:41.0213 3524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 19:23:41.0244 3524 PcaSvc - ok 19:23:41.0291 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 19:23:41.0306 3524 pci - ok 19:23:41.0338 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 19:23:41.0353 3524 pciide - ok 19:23:41.0384 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:23:41.0416 3524 pcmcia - ok 19:23:41.0431 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:23:41.0447 3524 pcw - ok 19:23:41.0478 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:23:41.0540 3524 PEAUTH - ok 19:23:41.0946 3524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 19:23:41.0962 3524 PerfHost - ok 19:23:42.0102 3524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 19:23:42.0164 3524 pla - ok 19:23:42.0227 3524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 19:23:42.0258 3524 PlugPlay - ok 19:23:42.0289 3524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 19:23:42.0305 3524 PNRPAutoReg - ok 19:23:42.0352 3524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 19:23:42.0383 3524 PNRPsvc - ok 19:23:42.0445 3524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 19:23:42.0492 3524 PolicyAgent - ok 19:23:42.0539 3524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 19:23:42.0586 3524 Power - ok 19:23:42.0664 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 19:23:42.0710 3524 PptpMiniport - ok 19:23:42.0742 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:23:42.0773 3524 Processor - ok 19:23:42.0835 3524 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 19:23:42.0851 3524 ProfSvc - ok 19:23:42.0898 3524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:42.0929 3524 ProtectedStorage - ok 19:23:42.0976 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 19:23:43.0022 3524 Psched - ok 19:23:43.0100 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:23:43.0147 3524 ql2300 - ok 19:23:43.0459 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:23:43.0475 3524 ql40xx - ok 19:23:43.0740 3524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 19:23:43.0771 3524 QWAVE - ok 19:23:43.0787 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:23:43.0818 3524 QWAVEdrv - ok 19:23:43.0834 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:23:43.0896 3524 RasAcd - ok 19:23:43.0943 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:23:43.0990 3524 RasAgileVpn - ok 19:23:44.0114 3524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 19:23:44.0161 3524 RasAuto - ok 19:23:44.0192 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:23:44.0239 3524 Rasl2tp - ok 19:23:44.0426 3524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 19:23:44.0473 3524 RasMan - ok 19:23:44.0520 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:23:44.0567 3524 RasPppoe - ok 19:23:44.0582 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:23:44.0629 3524 RasSstp - ok 19:23:44.0926 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 19:23:44.0988 3524 rdbss - ok 19:23:45.0035 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:23:45.0050 3524 rdpbus - ok 19:23:45.0082 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:23:45.0128 3524 RDPCDD - ok 19:23:45.0160 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:23:45.0206 3524 RDPENCDD - ok 19:23:45.0222 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:23:45.0269 3524 RDPREFMP - ok 19:23:45.0316 3524 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 19:23:45.0347 3524 RDPWD - ok 19:23:45.0394 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 19:23:45.0425 3524 rdyboost - ok 19:23:45.0456 3524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 19:23:45.0518 3524 RemoteAccess - ok 19:23:45.0550 3524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 19:23:45.0596 3524 RemoteRegistry - ok 19:23:45.0643 3524 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys 19:23:45.0659 3524 Revoflt - ok 19:23:45.0706 3524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 19:23:45.0752 3524 RpcEptMapper - ok 19:23:45.0784 3524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 19:23:45.0815 3524 RpcLocator - ok 19:23:45.0877 3524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 19:23:45.0924 3524 RpcSs - ok 19:23:45.0971 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:23:46.0018 3524 rspndr - ok 19:23:46.0096 3524 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys 19:23:46.0127 3524 RSUSBSTOR - ok 19:23:46.0174 3524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:46.0189 3524 SamSs - ok 19:23:46.0220 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:23:46.0236 3524 sbp2port - ok 19:23:46.0267 3524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 19:23:46.0314 3524 SCardSvr - ok 19:23:46.0361 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:23:46.0408 3524 scfilter - ok 19:23:46.0798 3524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 19:23:46.0860 3524 Schedule - ok 19:23:46.0907 3524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:23:46.0954 3524 SCPolicySvc - ok 19:23:46.0969 3524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 19:23:47.0000 3524 SDRSVC - ok 19:23:47.0078 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:23:47.0125 3524 secdrv - ok 19:23:47.0156 3524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 19:23:47.0203 3524 seclogon - ok 19:23:47.0234 3524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 19:23:47.0281 3524 SENS - ok 19:23:47.0328 3524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 19:23:47.0344 3524 SensrSvc - ok 19:23:47.0390 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:23:47.0406 3524 Serenum - ok 19:23:47.0437 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:23:47.0453 3524 Serial - ok 19:23:47.0515 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:23:47.0531 3524 sermouse - ok 19:23:47.0578 3524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 19:23:47.0624 3524 SessionEnv - ok 19:23:47.0671 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:23:47.0687 3524 sffdisk - ok 19:23:47.0718 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:23:47.0749 3524 sffp_mmc - ok 19:23:47.0780 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:23:47.0796 3524 sffp_sd - ok 19:23:47.0827 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:23:47.0858 3524 sfloppy - ok 19:23:47.0921 3524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 19:23:47.0968 3524 SharedAccess - ok 19:23:48.0014 3524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 19:23:48.0077 3524 ShellHWDetection - ok 19:23:48.0092 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:23:48.0108 3524 SiSRaid2 - ok 19:23:48.0155 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:23:48.0170 3524 SiSRaid4 - ok 19:23:48.0217 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:23:48.0264 3524 Smb - ok 19:23:48.0326 3524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 19:23:48.0342 3524 SNMPTRAP - ok 19:23:48.0389 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:23:48.0404 3524 spldr - ok 19:23:48.0529 3524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 19:23:48.0592 3524 Spooler - ok 19:23:48.0794 3524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 19:23:48.0872 3524 sppsvc - ok 19:23:48.0997 3524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 19:23:49.0044 3524 sppuinotify - ok 19:23:49.0106 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:23:49.0138 3524 srv - ok 19:23:49.0185 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 19:23:49.0216 3524 srv2 - ok 19:23:49.0247 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:23:49.0278 3524 srvnet - ok 19:23:49.0325 3524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 19:23:49.0372 3524 SSDPSRV - ok 19:23:49.0403 3524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 19:23:49.0465 3524 SstpSvc - ok 19:23:49.0497 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:23:49.0512 3524 stexstor - ok 19:23:49.0606 3524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 19:23:49.0637 3524 stisvc - ok 19:23:49.0668 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 19:23:49.0684 3524 swenum - ok 19:23:49.0746 3524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 19:23:49.0824 3524 swprv - ok 19:23:49.0871 3524 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys 19:23:49.0902 3524 SynTP - ok 19:23:50.0043 3524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 19:23:50.0121 3524 SysMain - ok 19:23:50.0245 3524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 19:23:50.0292 3524 TabletInputService - ok 19:23:50.0339 3524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 19:23:50.0401 3524 TapiSrv - ok 19:23:50.0448 3524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 19:23:50.0511 3524 TBS - ok 19:23:50.0698 3524 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 19:23:50.0745 3524 Tcpip - ok 19:23:50.0932 3524 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 19:23:50.0994 3524 TCPIP6 - ok 19:23:51.0119 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:23:51.0150 3524 tcpipreg - ok 19:23:51.0213 3524 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys 19:23:51.0228 3524 tdcmdpst - ok 19:23:51.0275 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:23:51.0291 3524 TDPIPE - ok 19:23:51.0353 3524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 19:23:51.0369 3524 TDTCP - ok 19:23:51.0415 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:23:51.0462 3524 tdx - ok 19:23:51.0634 3524 TemproMonitoringService (1b43fdbfe5a98f6b3d90595c6b2e5277) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 19:23:51.0649 3524 TemproMonitoringService - ok 19:23:51.0759 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 19:23:51.0774 3524 TermDD - ok 19:23:51.0837 3524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 19:23:51.0899 3524 TermService - ok 19:23:51.0930 3524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 19:23:51.0961 3524 Themes - ok 19:23:51.0993 3524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:23:52.0039 3524 THREADORDER - ok 19:23:52.0117 3524 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 19:23:52.0133 3524 TMachInfo - ok 19:23:52.0180 3524 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys 19:23:52.0211 3524 tmactmon - ok 19:23:52.0273 3524 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys 19:23:52.0289 3524 tmcomm - ok 19:23:52.0320 3524 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys 19:23:52.0336 3524 tmeevw - ok 19:23:52.0383 3524 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys 19:23:52.0398 3524 tmevtmgr - ok 19:23:52.0429 3524 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys 19:23:52.0445 3524 tmnciesc - ok 19:23:52.0492 3524 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys 19:23:52.0507 3524 tmtdi - ok 19:23:52.0554 3524 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe 19:23:52.0585 3524 TODDSrv - ok 19:23:52.0710 3524 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 19:23:52.0726 3524 TosCoSrv - ok 19:23:52.0788 3524 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 19:23:52.0804 3524 TOSHIBA HDD SSD Alert Service - ok 19:23:52.0851 3524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 19:23:52.0913 3524 TrkWks - ok 19:23:53.0007 3524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 19:23:53.0053 3524 TrustedInstaller - ok 19:23:53.0163 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:23:53.0209 3524 tssecsrv - ok 19:23:53.0272 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 19:23:53.0287 3524 TsUsbFlt - ok 19:23:53.0334 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 19:23:53.0381 3524 tunnel - ok 19:23:53.0443 3524 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 19:23:53.0459 3524 TVALZ - ok 19:23:53.0490 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:23:53.0506 3524 uagp35 - ok 19:23:53.0958 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 19:23:54.0005 3524 udfs - ok 19:23:54.0083 3524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 19:23:54.0114 3524 UI0Detect - ok 19:23:54.0161 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 19:23:54.0192 3524 uliagpkx - ok 19:23:54.0255 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 19:23:54.0286 3524 umbus - ok 19:23:54.0317 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:23:54.0348 3524 UmPass - ok 19:23:54.0754 3524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 19:23:54.0816 3524 upnphost - ok 19:23:54.0957 3524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys 19:23:54.0988 3524 usbccgp - ok 19:23:55.0035 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 19:23:55.0050 3524 usbcir - ok 19:23:55.0113 3524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 19:23:55.0128 3524 usbehci - ok 19:23:55.0175 3524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 19:23:55.0206 3524 usbhub - ok 19:23:55.0253 3524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 19:23:55.0269 3524 usbohci - ok 19:23:55.0315 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:23:55.0347 3524 usbprint - ok 19:23:55.0471 3524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:23:55.0487 3524 USBSTOR - ok 19:23:55.0534 3524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 19:23:55.0549 3524 usbuhci - ok 19:23:55.0752 3524 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 19:23:55.0783 3524 usbvideo - ok 19:23:55.0846 3524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 19:23:55.0893 3524 UxSms - ok 19:23:55.0986 3524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:23:56.0017 3524 VaultSvc - ok 19:23:56.0064 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 19:23:56.0095 3524 vdrvroot - ok 19:23:56.0657 3524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 19:23:56.0704 3524 vds - ok 19:23:56.0766 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:23:56.0782 3524 vga - ok 19:23:56.0860 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:23:56.0907 3524 VgaSave - ok 19:23:57.0172 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 19:23:57.0187 3524 vhdmp - ok 19:23:57.0234 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 19:23:57.0250 3524 viaide - ok 19:23:57.0375 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 19:23:57.0390 3524 volmgr - ok 19:23:57.0609 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 19:23:57.0624 3524 volmgrx - ok 19:23:57.0827 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 19:23:57.0858 3524 volsnap - ok 19:23:57.0889 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:23:57.0905 3524 vsmraid - ok 19:23:59.0309 3524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 19:23:59.0387 3524 VSS - ok 19:24:00.0183 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:24:00.0214 3524 vwifibus - ok 19:24:00.0245 3524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:24:00.0276 3524 vwififlt - ok 19:24:00.0292 3524 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 19:24:00.0323 3524 vwifimp - ok 19:24:00.0697 3524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 19:24:00.0760 3524 W32Time - ok 19:24:00.0838 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:24:00.0869 3524 WacomPen - ok 19:24:00.0931 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:24:00.0978 3524 WANARP - ok 19:24:00.0994 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:24:01.0041 3524 Wanarpv6 - ok 19:24:01.0212 3524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 19:24:01.0243 3524 WatAdminSvc - ok 19:24:01.0353 3524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 19:24:01.0399 3524 wbengine - ok 19:24:02.0304 3524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 19:24:02.0335 3524 WbioSrvc - ok 19:24:02.0616 3524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 19:24:02.0647 3524 wcncsvc - ok 19:24:02.0694 3524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 19:24:02.0725 3524 WcsPlugInService - ok 19:24:02.0819 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:24:02.0835 3524 Wd - ok 19:24:02.0975 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:24:03.0006 3524 Wdf01000 - ok 19:24:03.0131 3524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:24:03.0162 3524 WdiServiceHost - ok 19:24:03.0178 3524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:24:03.0209 3524 WdiSystemHost - ok 19:24:03.0303 3524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 19:24:03.0334 3524 WebClient - ok 19:24:03.0412 3524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 19:24:03.0459 3524 Wecsvc - ok 19:24:03.0505 3524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 19:24:03.0552 3524 wercplsupport - ok 19:24:03.0599 3524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 19:24:03.0646 3524 WerSvc - ok 19:24:03.0708 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:24:03.0755 3524 WfpLwf - ok 19:24:03.0786 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:24:03.0802 3524 WIMMount - ok 19:24:03.0864 3524 WinDefend - ok 19:24:03.0880 3524 WinHttpAutoProxySvc - ok 19:24:04.0192 3524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 19:24:04.0239 3524 Winmgmt - ok 19:24:04.0878 3524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 19:24:04.0956 3524 WinRM - ok 19:24:06.0017 3524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 19:24:06.0079 3524 Wlansvc - ok 19:24:07.0031 3524 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:24:07.0093 3524 wlidsvc - ok 19:24:07.0920 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:24:07.0951 3524 WmiAcpi - ok 19:24:08.0092 3524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 19:24:08.0170 3524 wmiApSrv - ok 19:24:08.0232 3524 WMPNetworkSvc - ok 19:24:08.0279 3524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 19:24:08.0295 3524 WPCSvc - ok 19:24:08.0466 3524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 19:24:08.0497 3524 WPDBusEnum - ok 19:24:08.0529 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:24:08.0575 3524 ws2ifsl - ok 19:24:08.0716 3524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 19:24:08.0747 3524 wscsvc - ok 19:24:08.0747 3524 WSearch - ok 19:24:10.0447 3524 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 19:24:10.0510 3524 wuauserv - ok 19:24:11.0243 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:24:11.0290 3524 WudfPf - ok 19:24:11.0321 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:24:11.0368 3524 WUDFRd - ok 19:24:11.0493 3524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 19:24:11.0539 3524 wudfsvc - ok 19:24:11.0867 3524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 19:24:11.0914 3524 WwanSvc - ok 19:24:11.0976 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:24:14.0269 3524 \Device\Harddisk0\DR0 - ok 19:24:14.0301 3524 Boot (0x1200) (857adc8aa145ed29b100702fb178b13b) \Device\Harddisk0\DR0\Partition0 19:24:14.0316 3524 \Device\Harddisk0\DR0\Partition0 - ok 19:24:14.0347 3524 Boot (0x1200) (68940da91f4f91d95be816d03b3032c6) \Device\Harddisk0\DR0\Partition1 19:24:14.0347 3524 \Device\Harddisk0\DR0\Partition1 - ok 19:24:14.0363 3524 ============================================================ 19:24:14.0363 3524 Scan finished 19:24:14.0363 3524 ============================================================ 19:24:14.0379 3480 Detected object count: 0 19:24:14.0379 3480 Actual detected object count: 0 19:35:14.0801 3956 Deinitialize success

Hallo Maurice Many thanks for your prompt reply. As instructed I downloaded DDS and saved it to my desktop. I changed my antivirus program from mcafee internet security to Trend Micro Titanium about 4 weeks ago. In the Trent Micro program I added \desktop\dds.scr to the exception list in which scans and other kinds of monitoring are ignored. After running dds.scr two log files namely (1)DDS.TXT and (2) ATTACH.TXT were created & shown in the DDS window. However, when I closed the DDS window only the DDS log file opened. There must be something amiss somewhere. Does Malwarebytes have a script blocker? For what it is worth here is the DDS log file. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by John at 11:58:27 on 2012-06-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.888 [GMT 1:00] . AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Windows\system32\conhost.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Windows\system32\conhost.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe C:\Program Files (x86)\Microsoft Money\System\Money Express.exe C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files (x86)\SiteRanker\SiteRankTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\PC Cleaners\PCCleaners.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE C:\Windows\splwow64.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80135&lng=en uDefault_Page_URL = hxxp://toshiba.msn.com uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mWinlogon: Userinit=userinit.exe, BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe uRun: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe" uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000 mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup mRun: [siteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DhcpNameServer = 10.239.24.5 Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll BHO-X64: Trend Micro NSC BHO - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll BHO-X64: TmBpIeBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll BHO-X64: WiseConvert - No File BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup mRun-x64: [siteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL . ============= SERVICES / DRIVERS =============== . R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-10 275912] R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200] R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448] R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512] R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?] R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 257696] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-9 30192] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-14 16:15:46 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 16:15:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 16:15:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 16:15:18 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 16:15:15 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 16:15:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 16:15:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 16:15:04 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-14 16:14:59 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 16:14:56 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 16:14:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 16:14:37 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 16:14:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 16:14:36 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 16:14:36 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 16:14:36 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 16:14:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-12 13:39:18 -------- d-----w- C:\Users\John\AppData\Roaming\iolo 2012-06-12 13:39:18 -------- d-----w- C:\ProgramData\iolo 2012-05-24 13:18:27 -------- d-----w- C:\Users\John\AppData\Local\VS Revo Group 2012-05-24 13:17:57 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2012-05-24 13:17:54 -------- d-----w- C:\Program Files\VS Revo Group 2012-05-24 10:19:11 -------- d-----w- C:\Program Files (x86)\PC Cleaners 2012-05-23 19:07:34 -------- d-----w- C:\Users\John\AppData\Roaming\PC Cleaners 2012-05-23 19:07:02 -------- d-----w- C:\Users\John\AppData\Roaming\PCPro 2012-05-23 19:06:59 4101392 ----a-w- C:\Windows\uninst.exe 2012-05-23 19:06:53 -------- d-----w- C:\ProgramData\PC1Data . ==================== Find3M ==================== . 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-10 11:25:46 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat 2012-05-09 21:53:32 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-09 21:53:31 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 17:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-04-04 17:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 11:59:39.54 =============== You asked if this system is the same as the one that had security.ink malware? The security.ink infection (howtopic=108868)was on my Desktop. This infection is on my laptop. Both computers are connected to my home network through a router. The laptop was infrequently used prior to the infection of the desktop. It has been in daily use since then. I don’t think that the laptop infection has a connection with the desktop one. The laptop shows no symptoms of infection, it is fast and runs smoothly unlike my desktop which in recent months had become painfully slow with frequent hang ups until security ink prevented every program from even starting. My antivirus provider failed to detect infection in either computer and kept assuring me that I was fully protected, that my computers were secure. I don’t know how long the two infections have been on my laptop but had the infection on my desktop not become acute I have no doubt that, with a false sense of security, I would continue using my laptop in blissful ignorance of the risks I was taking. Regarding the Attach.txt log. I did get a message saying that Attach.txt had been created but I was unable to open its log. I have searched everywhere on the computer for Attach.txt and the file was not found. I have repeated the whole procedure a number of times with the same result. It is strange that the dds log file opened OK . Have you any suggestions as to how I might resolve this issue? Kind Regards JJMAC

Halo A scan carried out on my Laptop found two virus issues 1. PC Performer_GG.exe.exe (PUP.Bundleinstaller.IB) &amp; 2. Temporary Internet file\Silverlight.exe (Trojan Agent). Both items were quarantined and removed. McAfee Internet Security did not detect either item. Please advise Has item (1) been completely removed ie. no hidden backdoor left? Item (2) I googled Silverlight.exe for information thereon and received a Yahoo answer: if it is Silverlight.exe it is OK , Microsoft installed it when you got updates. If it is SILVERLIGHT.EXE (all in CAPS) it is malware. I assume that the information by Yahoo is incorrect and that silverlight.exe in lower case is in fact a Trojan. If so has a backdoor been left? Is there any way to chcck for the presence of hidden backdoors? My desktop computer has been infected with internet security.ink and I have taken it out of service until I get round to reformating its hard disk and reinstalling Windows Vista. Many thanks JJMAC Ps I am not sure if I have been able to attasch the log file correctly

Halo A scan carried out on my Laptop found two virus issues 1. PC Performer_GG.exe.exe (PUP.Bundleinstaller.IB) &amp; 2. Temporary Internet file\Silverlight.exe (Trojan Agent). Both items were quarantined and removed. McAfee Internet Security did not detect either item. Please advise Has item (1) been completely removed ie. no hidden backdoor left? Item (2) I googled Silverlight.exe for information thereon and received a Yahoo answer: if it is Silverlight.exe it&#39;s OK . Microsoft installed it when you got updates. If it is SILVERLIGHT.EXE (all in CAPS) it is malware. I assume that the information by Yahoo is incorrect and that silverlight.exe in lower case is in fact a Trojan. If so has a backdoor been left? Is there any way to chcck for the presence of hidden backdoors? My desktop computer has been infected with internet security.ink and I have taken it out of service until I get round to reformating its hard disk and reinstalling Windows Vista. Many thanks JJMAC