JJMAC

December 14, 2013

Maurice I do apologise. I had intended the issue with my Laptop to be sent as a new topic. I don't know how it got tagged on to my previous topic "Help with removal of hidden backdoor(s} left by Trojans is needed to which you replied on 11 December to which the following is my reply thereto. [to dispose of the Laptop issue I can confirm that I have removed all the PUP detections and a new scan confirmed that they were gone]

Reply to Maurice Naggar's post dated 11 Dec. 2012

Many thanks Maurice for your reply. Very helpful as always.

I have already tried to get information from Dell support without success. I sent an email to dell_direct_support@dell.com on 28 Nov.in which I said that I have the Dell Reinstallation DVD for windows vista home premium and asked "should I have or will I require a Dell DVD which would automatically reformat the hard disk, reinstall drivers and preinstalled programs so as to restore the computer to its original condition when new". I also pointed out that drive D would be wiped when reformatted and asked where could I obtain the files required to restore drive D. I got no reply.

When I go on line, select Dell Product Support and enter my Service Tag (CFBRT2J) my Computer is correctly identified including the date it was shipped and the date on which the warranty expired but when I try to log onto Technical Support my Service Tag is not recognised. I did, however, manage to get through to technical support on the telephone. I was asked for my Service Tag, my name, address, telephone number etc. before I was put through to a Technician. I am 84 years of age and my hearing, particularly on the phone, is not good. The technician was a foreign national and I had extreme difficulty following what he was saying and he obviously did not follow what I was asking. I did however gather that he wanted permission to remotely access my computer in order to fix my issue.

I repeatedly asked if he would intend to reformat the hard disk and I understood him to say that would not be necessary. After ¾ hour I terminated the call without getting the information I was looking for..

He sent me an email offering to fix my issue (without saying what my issue was) but as my computer was out of warranty there would be a charge of £69 for a single incident. . He has telephoned me twice since then seeking my approval of his offer. There is no way I will agree to any proposal that will not leave me confident that my computer is clean. This is ridiculous. All I am asking for is information on the availability of any software/files required for the clean restoration of the operating system being items in addition to the reinstallation DVD for Windows Vista home premium 32bit which I already have. I am not seeking Dell Technical Support per se. I intend to pursue this further with Dell.

Incidentally I think that the Dell reinstallation DVD will probably fully install fresh Windows without needing any files in Recovery Disk D or from an external source. The writing on the label on the disk is shown below:

OPERATING SYSTEM

ALREADY INSTALLED ON YOUR COMPUTER

Reinstallation DVD

Windows Vista Home Premium 32BIT

The software is already

Installed on your computer Support for these products

Only use this DVD to reinstall is provided by Dell

The operating system on a DELL PC

For Distribution Only

This DVD is not for reinstallation of With a New Dell PC.

Programs or drivers.

DELL

www.dell.com !! support.dell.com

@2007 Dell inc

Portions@ 2007 Microsoft Corporation

P/N HY484

There is a Help File on the DVD entitled INSTALLATION INSTRUCTIONS

These instructions are for

Upgrading Windows when you already have a version of Windows on your Computer and you want to keep your File Settings & Program
1. Installing a new version of Windows when you want to replace your current Operating System

2. You have an operating System installed on your Computer and you want to install Windows on

an available Separate Partition of your Hard Disk

You have a Computer with no Operating System installed.

It may be possible that the above instructions applied to the original Microsoft Windows Operating System before it was modified by DELL. In which case I will still seek conformation from Dell that their reinstallation DVD will fully install fresh Windows.

The DELL FACTORY IMAGE RESTORE UTILITY is in RecoveryD/Tools/PCRestore . I don’t think it was ever hidden.

It might be possible to create a restore disk from the factory created partition on the hard drive but I would not attempt to do so if there was any risk of Drive D being infected.

If there is no risk or only a very remote risk of Drive D being infected would it be feasible to reformat Drive C only and leave the drive D partition as is.?

Will the Diskpart.exe utility be found on the Dell reinstallation DVD. ?

I have backed up Document files and Photos. That’s all I intend to Backup and intend to restore only a few if any of these.

Do I read your instructions correctly

Set the bios to boot from the DVD first. Insert the DVD. Start the computer and let it boot to a command prompt. Install Windows Vista and when asked Where do you want to install Windows screen press SHIFT+F10 to open a command prompt. Click start, click run and type diskpart. Follow instructions to clean the disk and permanently remove all the data and all the partitions.

Does this clean up program also reformat the hard disk.?

At what stage is the hard disk repartitioned ?

Maurice I am afraid I will now have to put this issue once more on the back burner until after Christmas as I am caught up with other things.

May I wish you a happy Christmas and thank you for all your help.

Regards

JJMAC

December 11, 2013

I have a financial portfolio in an Excel file stored in a USB memory stick which I update weekly on my Laptop. Two days ago I opened my portfolio on my Laptop, and as I normally do, updated the portfolio and then in the usual way tried to save it in the memory stick thus overwriting the (portfolio) file therein, but that did not happen. Instead I got a message to say that the file could not be saved in drive F (the memory stick) but instead it had been saved in a temporary file with an eight character alpha numerical file name. I then opened Drive F where I found the temporary file but the original portfolio file had disappeared. I became concerned that the disappearance of the portfolio file might be caused by a virus so I scanned the computer with the MalwareBytes program. A log of the scan,which detected 103 objects, is appended hereto. I decided not to delete these objects until after I have your advice as to the nature of them and in particular whether they indicate that my portfolio may have been hacked during the short period I had it opened on my laptop. The reason I had my Portfolio stored on a memory stick was to avoid storing sensitive files on my laptop as a safeguard against it being stolen.

Thank you

JJMAC

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
John :: JOHN-TOSH [administrator]

10/12/2013 15:20:37
MBAM-log-2013-12-10 (16-00-50).txt

Memory Processes Detected: 3
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 2756 -> No action taken.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.Optional.MindSpark) -> 2772 -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39brmon.exe (PUP.Optional.MindSpark) -> 2944 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 35
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncher (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader.1 (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader (PUP.Optional.Bandoo.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> No action taken.
HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\24x7HELP (PUP.Optional.24x7) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKLM\SOFTWARE\24x7HELP (PUP.Optional.24x7) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken.
HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} (PUP.Optional.Searchqu) -> No action taken.
HKCR\TypeLib\{841D5A49-E48D-413c-9C28-EB3D9081D705} (PUP.Optional.Searchqu) -> No action taken.
HKCR\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} (PUP.Optional.Searchqu) -> No action taken.
HKCR\DnsBHO.BHO.1 (PUP.Optional.Searchqu) -> No action taken.
HKCR\DnsBHO.BHO (PUP.Optional.Searchqu) -> No action taken.

Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Data: C:\PROGRA~2\SRTOOL~1\Datamngr\DATAMN~1.EXE -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Utility Chest Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UtilityChest_49 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\MAPSGA~2\bar\2.bin\39srchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\MAPSGA~2\bar\2.bin\39brmon.exe -> No action taken.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) Good: () -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) Good: () -> No action taken.

Folders Detected: 6
C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\24x7Help (PUP.Optional.24x7.A) -> No action taken.

Files Detected: 50
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39sknlcr.dll (PUP.Optional.FunWebProducts.A) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\Users\John\Downloads\MapsSetup (1).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (2).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (3).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (4).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (5).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (6).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (7).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (8).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (9).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup.exe (PUP.Optional.Inbox) -> No action taken.
C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> No action taken.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39SrchMn.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39brmon.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\sysid.ini (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\uninstall.exe (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\installhelper.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\24x7Help\24x7desk.64.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\24x7desk.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Help.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Help.old.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook64.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook64.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Svc.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\unins000.exe (PUP.Optional.24x7.A) -> No action taken.

(end)

December 6, 2013

Hallo

I had not quite finished my post when it took off and was sent prematurely

Other queries

If the recovery utility installed in drive D restores the computer to its factory condition would that not be equivalent to reformatting the disk. There was no virus on the computer when it left the factory.

Would I be correct in thinking that the recovery utility will overwrite all third party programs installed after purchase in addition to personal files and restore only the programs which were preinstalled when new?

It would be great if that was the case, Of course if drive D is reformatted the utility will be wiped out.

JJMAC

December 6, 2013

This post is a follow up to a previous topic entitled "Rogue Program Internet Security.ink has been removed but has my personal data been compromised" which I started on 19 April 2012 in "Resolved Highjack this Logs" and in particular to Maurice Nagger's response thereto on 7 May 2012 which described in great detail the steps I need to take to ensure the integrity of my computer. These steps included the reformat of the hard drive. I have put that task on the back burner with the computer meanwhile disconnected from the internet. I am now preparing to grasp the nettle and reformat the hard disk. The hard disk in my Dell Dimension E520 computer has two partitions, Drive C and Drive D.

Drive D is labelled "Recovery" and contains a utility labelled "DELL FACTORY IMAGE RESTORE" with a description "This utility will restore your system to the state it was in when it left the factory. In order to return the system to the factory state all personal files will be overwritten"

I sought help from a Dell Community Forum. I asked the community for information on the availability of the software or other items I will require to restore the computer to its factory condition after reformatting the hard disk, being items in addition to the Dell Restoration DVD for Windows Vista Home Premium 32 bit which was bundled with the computer when new.

I received the following reply from one member of the forum.

"If you boot up from live media (such as Windows 7 DVD) and use the repair options to open a command prompt, nyou can run the BOOTREX/FIXMBR and BOOTREC/FIXBOOT commands that will overwrite the Master Boot Record where the Trojans might be activated. Once that's done booting from the hard drive won't activate the Trojans and any rootkit-type cloaking they might use. Afterwards, reinstall Windows and the Trojans should be deactivated. There's nothing magic about Trojans"

In my reply I pointed out that his advice differed from that which I had received which that I should reformat the hard disk to remove all hidden back doors left by Trojans.

I could be attracted to the following Modus Operandi

1 Boot from Dell reinstallation Disk for Windows Vista Premium 32 bit

2 Run BOOTREX/FIXMBR & BOOTREC/FIXBOOT

3 Reboot from Hard Drive

4 Run a PC Cleaner

5 Reformat the hard drive and reinstall Vista operating system.

The problem here is that if drive D is formatted I could not restore it including the recovery utility unless I can download the required files from Dell's web Site.

Please advise on above steps including their sequence. I added step 4 after seeing a statement in the promotional literature for a PC Cleaning program claiming that reformatting the HD will not remove hidden files. I don't know if that claim has any substance. Please advise.

Other queries

1I have assumed that reformatting the hard drive will include Drive D as well as Drive C. Am I correct?

December 6, 2012

Dear MrC

Thank you for your prompt reply. I have uninstalled inboxToolbar & Searchqu Toolbar. Here are the LOGFILES you requested

ADWCLEANER LOGFILE

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 17:53:11

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : John - JOHN-TOSH

# Boot Mode : Normal

# Running from : C:\Users\John\Downloads\adwcleaner (1).exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : 24x7HelpSvc

***** [Files / Folders] *****

File Deleted : C:\Users\John\AppData\Local\Temp\searchqutoolbar-manifest.xml

File Deleted : C:\Users\Public\Desktop\24x7 Help.lnk

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Users\Public\Desktop\iLivid.lnk

File Deleted : C:\Users\Public\Desktop\RebateGiant.com.url

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Ilivid

Folder Deleted : C:\Program Files (x86)\Inbox.com

Folder Deleted : C:\Program Files (x86)\RebateInformer

Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar

Folder Deleted : C:\Program Files (x86)\WiseConvert

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer

Folder Deleted : C:\Users\John\AppData\Local\Conduit

Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl

Folder Deleted : C:\Users\John\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\John\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\John\AppData\LocalLow\searchquband

Folder Deleted : C:\Users\John\AppData\LocalLow\WiseConvert

Folder Deleted : C:\Users\John\AppData\Roaming\24x7 Help

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\CToolbar

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Google\Chrome\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Deleted : HKLM\Software\24x7HELP

Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client

Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script

Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server

Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server2

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo

Key Deleted : HKLM\SOFTWARE\Classes\RebateI.Rebate Informer BHO

Key Deleted : HKLM\SOFTWARE\Classes\RebateI.RebateInformImageGen

Key Deleted : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{438B047C-C041-4D15-98CF-A97C6B366C28}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\CToolbar

Key Deleted : HKLM\Software\ilivid

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\Software\WiseConvert

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5569FDC6-10A6-49DC-AEF3-8CB1611EEB5D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB5E3782-13B7-4BE2-A905-6E30A2ADFAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RebateInformer]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en",

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en" ]

Deleted [l.39] : icon_url = "hxxp://search.conduit.com/fav.ico",

Deleted [l.42] : keyword = "search.conduit.com",

Deleted [l.45] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]

Deleted [l.1228] : homepage = "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en",

Deleted [l.1427] : urls_to_restore_on_startup = [ "hxxp://www.inbox.com/homepage.aspx?tbid=80678&lng=en" ]

*************************

AdwCleaner[s2].txt - [11404 octets] - [05/12/2012 17:53:11]

########## EOF - C:\AdwCleaner[s2].txt - [11465 octets] ##########

Mbar-Log 1^st Run

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.12.05.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-TOSH [administrator]

05/12/2012 20:25:03

mbar-log-2012-12-05 (20-25-03).txt

Scan type: Quick scan

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27424

Time elapsed: 25 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\ARTGALRY.CAG (Trojan.Downloader) -> Delete on reboot. [a952d009c39ab97de48010381fe2669a]

(end)

Mbar Log 2^nd Run

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.12.05.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-TOSH [administrator]

05/12/2012 21:04:25

mbar-log-2012-12-05 (21-04-25).txt

Scan type: Quick scan

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27308

Time elapsed: 21 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

At the start of the first MBAR scan I received the following message: Registry value "AppInit_Dlls" has been found which may be caused by rootkil activity. Press the "No" if you are not sure. If the tool crashes during a system scan restart and if the message is reoeated click the yes button.

I clicked the "no" button at the start of both runs. No crash occurred.

December 4, 2012

Many thanks for your help.

The 2 logs and the report requested follow but may require more than 1 post. In addition to the Trojan removed by Malwarebytes on 2/12/12, Trend Micro (my internet security program) has now reported that on 3/12/12 mbam-setup.exe had been deleted for my protection.. You do not need to do anything else. Affected file:C:\PROGRAMDATA\Malwa...

Threat:: TROJ.FAKEAV.BMC. Response: REMOVED

Post no. 1 DDS.txt.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1

Run by John at 18:13:05 on 2012-12-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.796 [GMT 0:00]

.

AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe

C:\Program Files (x86)\24x7Help\App24x7Svc.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\RebateInformer\RebateInf.exe

C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Inbox Toolbar\Inbox.exe

C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\24x7Help\App24x7Help.exe

C:\Program Files (x86)\24x7Help\App24x7Hook.exe

C:\Program Files (x86)\24x7Help\App24x7Hook64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\consent.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll

uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>

mURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>

BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll

BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll

BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll

uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP

uRun: [MRC] "C:\Program Files (x86)\PC Tune-Up\PCTuneUp.exe" /MBRSTART

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP

mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP

mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DHCPNameServer = 10.239.24.5

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll

Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll

AppInit_DLLs= C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>

x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll

x64-Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-5-10 77184]

R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-9-23 394392]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-10 275912]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-8 9216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]

R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2012-5-10 67344]

R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2012-5-10 210704]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-9 30192]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-5-24 31800]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-8 232992]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-19 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-10 1255736]

.

=============== Created Last 30 ================

.

2012-11-25 17:28:54 -------- d-----w- C:\Users\John\AppData\Roaming\Quat

2012-11-25 17:28:53 -------- d-----w- C:\Users\John\AppData\Roaming\Xagaf

2012-11-23 19:24:22 -------- d-----w- C:\MyBackup

2012-11-23 18:47:06 -------- d-----w- C:\Program Files (x86)\PC Tune-Up

2012-11-16 00:35:26 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-16 00:35:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-16 00:35:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-16 00:35:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-16 00:23:40 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-16 00:23:40 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-16 00:23:39 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-16 00:23:38 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-16 00:23:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-16 00:23:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-16 00:23:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-15 21:32:09 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-11-15 21:32:09 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-11-15 21:32:09 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-11-15 21:32:09 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-11-15 21:32:03 3149824 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-10 13:56:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 13:56:53 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-29 19:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-24 22:01:12 107048 ----a-w- C:\Windows\System32\drivers\tmactmon.sys

2012-09-24 22:00:36 77184 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys

2012-09-24 22:00:00 173504 ----a-w- C:\Windows\System32\drivers\tmcomm.sys

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 18:14:19.55 ===============

ATTACH.TXT

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 09/05/2011 18:27:05

System Uptime: 04/12/2012 16:54:13 (2 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 81.745 GiB free.

D: is FIXED (NTFS) - 116 GiB total, 109.178 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP89: 10/10/2012 18:35:55 - Windows Update

RP90: 10/10/2012 23:49:01 - Windows Update

RP91: 01/11/2012 17:13:09 - TITANUIMRES5[0x01001101]

RP92: 01/11/2012 17:19:40 - TITANUIMRES5[0x01001101]

RP93: 16/11/2012 00:22:37 - Windows Update

RP94: 25/11/2012 14:13:32 - Scheduled Checkpoint

RP95: 27/11/2012 23:40:52 - Windows Update

.

==== Installed Programs ======================

.

24x7 Help

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1

Advertising Center

Amazon.co.uk

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

Bejeweled 2 Deluxe

Bing Bar

Chuzzle Deluxe

Conexant HD Audio

Diner Dash 2 Restaurant Rescue

eBay

FATE

Google Chrome

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

iLivid

ImagXpress

Inbox Toolbar

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Internet TV for Windows Media Center

Java Auto Updater

Java™ 6 Update 25 (64-bit)

Java™ 7 Update 5

JavaFX 2.1.1

Jewel Quest II

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Excel 97

Microsoft Money 2001

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Word 97

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero BackItUp

Nero BackItUp and Burn

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero RescueAgent

Nero StartSmart

Nero StartSmart Help

NeroExpress

neroxml

ParetoLogic FileCure

PC Tune-Up

Penguins!

Photo Service - powered by myphotobook

Plants vs. Zombies

PlayReady PC Runtime amd64

Polar Bowler

Realtek USB 2.0 Card Reader

RebateInformer

Revo Uninstaller Pro 2.5.8

Searchqu Toolbar

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

SiteRanker

Skype Toolbars

Skype™ 5.10

Synaptics Pointing Device Driver

Toshiba Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Manuals

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Online Product Information

TOSHIBA Recovery Media Creator

TOSHIBA Recovery Media Creator Reminder

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

Toshiba TEMPRO

TOSHIBA Value Added Package

Trend Micro Titanium

Trend Micro Titanium Internet Security 2012

TRORMCLauncher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WildTangent Games

WildTangent ORB Game Console

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Center Add-in for Silverlight

WiseConvert Toolbar

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

02/12/2012 23:36:41, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

02/12/2012 23:20:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

02/12/2012 22:48:27, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

RogueKiller REPORT

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : John [Admin rights]

Mode : Scan -- Date : 12/04/2012 21:15:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[TASK][sUSP PATH] {BC28DFF6-20D5-4B9A-AB50-D0801943B1AC} : C:\Users\John\Desktop\cjrZ500-Z600EN (2).exe -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS +++++

--- User ---

[MBR] 338565a982b9886267cebc5a507d9731

[bSP] 48aeef1769ddc9929b5900423b368521 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 119001 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244535296 | Size: 119072 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12042012_02d2115.txt >>

RKreport[1]_S_12042012_02d2115.txt

End of Report. I did not think it would all fit into one Post. JJMAC

December 3, 2012

Hallo

A malwarebyte scan carried out on 2/12/12 found and sucessfully deleted the undernoted Trojan.

Can I assume that my Laptop is now clean or is there a risk that a hidden backdoor may have been left.? The Laptop had not been showing any symptoms of infection which was uncovered during a routine scan. I am currently using Trend Micro Titanium internet security 2012.

C:\Users\John\AppData\Roaming\Xagaf\noso.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

Thank You

JJMAC

July 28, 2012

Maurice

I am pleased to inform you that I found inbox toolbar and have succesfully removed it from my computer. I think that you might be right when you suggested that this may also be causing the browser fault. I have closed it down twice, after removing the inbox toolbar,and no error message was received. I will be delighted if that issue has been resolved.

Do you want me to run the DDS program again?.

Kind Regards

JJMAC

July 27, 2012

Maurice

After running DDS I get a message that DDS had created 2 log file

1 dds.txt

2 Attach.txt

The logs will appear after you have closed this (TFC) window.

However. only the dds.txt log appeared. The Attach.txt log did not appear. The same thing happened when I previously ran DDS (on 19 June.)

You asked me to let you know generally how the PC is overall. Generally very good. It boots up in half the time taken by my Dell computer running on Windows Vista home premium (the infected

Computer) or in a quarter of the time required by my Gateway computer running on Xppro. Currently the only issue with this computer is its failure to shut down IE 9 properly at the end of a browsing session, error message: A problem has caused Internet Explorer to stop working correctly. Windows will close the program –……….. Not too much of a problem as it normally only occurs when I try to close a web site.

DDS LOG

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by John at 13:01:14 on 2012-07-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1217 [GMT 1:00]

.

AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DhcpNameServer = 10.239.24.5

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO-X64: WiseConvert - No File

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-10 275912]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 250056]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-9 30192]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512]

S3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]

S3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-20 17:16:52 -------- d-----w- C:\_OTL

2012-07-17 19:42:09 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-11 23:16:05 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 14:07:07 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 14:06:56 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 14:06:56 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 14:06:56 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 14:06:56 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 14:06:56 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 14:06:56 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 14:06:56 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 14:06:56 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 14:06:55 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 14:06:55 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 14:06:55 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 14:06:55 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 14:06:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-10 14:45:50 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-10 13:48:26 98816 ----a-w- C:\Windows\sed.exe

2012-07-10 13:48:26 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-10 13:48:26 256000 ----a-w- C:\Windows\PEV.exe

2012-07-10 13:48:26 208896 ----a-w- C:\Windows\MBR.exe

2012-07-10 12:36:44 -------- d-----w- C:\Windows\pss

2012-07-06 16:27:57 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-29 13:28:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-29 13:28:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-29 13:28:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-29 13:28:27 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-29 13:28:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-29 13:28:10 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-29 13:28:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-29 13:27:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-29 13:24:28 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-29 13:24:27 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-29 13:24:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-29 13:24:09 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-29 13:24:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-29 13:24:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-29 13:24:09 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-29 13:24:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-29 11:04:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-29 11:03:55 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-29 11:03:33 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-29 11:03:33 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-26 21:06:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-26 21:06:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-24 10:18:09 4101392 ----a-w- C:\Windows\uninst.exe

2012-05-10 11:25:46 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat

2012-05-04 18:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 13:03:30.79 ===============

Many thanks for your valued assistance.

JJMAC

July 25, 2012

Maurice I can’t explain it but I seem to be going from bad to worse. I ran TFC.exe as administrator. Temp file cleaner by old timer v3.1.9.0 opens Click start. Program runs. System requires a reboot to finish removing files. I click on ok to reboot now. After the system restarts I can’t find the DDS utility. When you say that after the system restarts I have the DDS utility already do you mean that I didn’t have the utility until the system restarts or that the DDS utility was already installed on my computer during some earlier tests.

Either way I can’t find DDS or DDS.scr anywhere on my computer. I suspect that the internet explorer malfunction which causes the program to stop working correctly may have something toi do with this issue.

JJMAC

July 23, 2012

Maurice

I have gone through this process three times and still come up with the same answer.

Here are the steps taken

1 Right click on OTL (3).exe, (the item with the yellow and black motif) and select run as administrator. Click yes to allow OTL(3).exe to make changes to my computer. OTL version 3.2.53.0 opens,

2 go to instructions and high light & copy to clipboard the 6 items grouped vertically within the code box.

3 Return to OTL and paste these 6 items into the Custom Scan Fixes box. They appear as a single line along the top of the box.

4 Right click on internet explorer icon on the task bar and select Close all windows. I get the familiar error message : internet explorer has stopped working. Windows will close the program and notify you if a solution is available. I click on close program.

5 Click on Run Fix. Click OK to reboot. Got a security message asking if I was sure I wanted to run OTL(3).exe. Click on run and almost immediately I got the following:

All processes killed

Error: Unable to interpret <:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 07232012_163512

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Maurice I have been trying to figure out for myself what has gone wrong. When I clicked on runfix it obviously did not run, instead the computer rebooted and I was asked for permission to run OTL(3).exe which I could have withheld but that would not have got me anywhere.

When at the start of the process I was asked to right click OTL.exe and select run as administrator I first clicked on start and searched the computer for OTL.EXE. A number of OTLs were listed including OTL(1)(2)(3) & (4). I selected OTL(3) as it was the only one with the black and yellow motif. which I presume was the correct one.

I interpreted Copy all the lines in between the code box below to the clipboard to mean highlight the items within the code box and copy them as a group to the clipboard. When pasted into the OTL Custom Scans/Fixes window they appear as a single horizontal line along the top of the Custom Scans/Fixes window.

Please let me know what has gone wrong.

Thank you

JJMAC

July 21, 2012

Maurice

Further to my last post (yesterday evening) I have now rerun the FixLog program having closed all browser windows before clicking the fix log button & it has come up with the same result.

FIX LOG

All processes killed

Error: Unable to interpret <:processeskillallprocesses:filesrecycler /alldrives:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!.

OTL by OldTimer - Version 3.2.53.0 log created on 07202012_181652

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Is there still something wrong? I has expected to see a list of the processes killed, a list of files moved on reboot and their new location, & a list of the registry entries deleted.

I’m afraid I am still getting the error message, Internet Explorer has stopped working, every time I try to close it. It seldom stops working during as browsing session so it is not too much of a problem.

Regards

JJMAC

July 20, 2012

Maurice

I am surprised that the RUN FIX log appended below shows less detail than I expected. I think that I followed the instructions accurately with one exception. Internet Explorer is the only open browser on this computer and the only browser window open was that of OTL.exe which I assumed could not be closed without also closing OTL.exe which had not completed at that stage. After clicking on Run Fix I was not presented with a fix complete message or an OK button. The next thing I saw was the Notebook log. I think now that leaving IE open was a mistake. I will have another go at that tomorrow and let you know if I get a different result.

I have reinstalled Java and changed the settings as instructed.

OTL log

All processes killed

Error: Unable to interpret <:processeskillallprocesses:filesrecycler /alldrives:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 07202012_181652

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thanks for your help

JJ Mac

July 17, 2012

Maurice I can’t find System Mechanic on my laptop. It is not shown in Program and Features and a search of my laptop reports file not found. It is not a program that I bought and am currently using. The only programs that I bought during the past ten years were XPPro, PC Tune-up and a program that scans the computer to locate and update any out of date drivers found. I have mislaid the installation disk of the latter program. I think it was called driver genius. I purchased this laptop on 11/11/2010.

If you can advise me where System Mechanic is located on my laptop I will do my best to locate and delete it.

The following is the Eset Scan Log. This laptop continues to run very smoothly. The only problem of note is IE explorer stops working every time you log off.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=00a9739ceb3bb64980c85e3350b3d149

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-17 08:31:40

# local_time=2012-07-17 09:31:40 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 5905196 5905196 0 0

# compatibility_mode=5893 16776574 100 94 34156874 95019349 0 0

# compatibility_mode=8192 67108863 100 0 170 170 0 0

# scanned=137020

# found=0

# cleaned=0

# scan_time=2800

Thanks again for your help.

July 10, 2012

Maurice

I have run the TFC and the Combofix programs and append below the Combofix.txt log. The test procedure ran smoothly.

After I re-enabled my antivirus program I got a Trend Micro message to say that affected file C:/users/john/desktop/TFC.exe, threat TROJ_Hidefil. BMC had been deleted for your protection. You do not need to do anything else so feel free to close this message.

I presume that Trend Micro has come up with a false positive result and I am quite content to ignore it.

You previously informed me that I could run the tests previously carried out on my laptop (the 6 steps) on my other system (my desktop) by copying the tools which had been downloaded on my laptop to my other system. Could I also copy over TFC.exe and Combo-Fix.exe. Does the first paragraph of step3 imply that there may be a restriction on running Combo-fix on more than one computer?

These additional tests would not be worth running unless as a result it could be concluded that instead of there might have been a trojan backdoor left to the probability would be unlikely that a back door had been left.

If I decide to run these additional tests on my desktop I will open a new

Help topic. Would they be worth running? Please advise.

COMBOFIX .TXT LOG

ComboFix 12-07-10.01 - John 10/07/2012 14:50:12.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1248 [GMT 1:00]

Running from: c:\users\John\Desktop\ComboFix.exe

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\rnaph.dll

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

2012-07-10 13:58 . 2012-07-10 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-06 16:27 . 2012-07-06 16:27 -------- d-----w- c:\program files (x86)\Oracle

2012-06-29 21:50 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 21:50 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-29 13:28 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-29 13:28 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-29 13:28 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-29 13:28 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-29 13:28 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-29 13:28 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-29 13:28 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-29 13:27 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-29 13:27 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-29 13:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-29 13:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-29 13:24 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-29 13:24 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-29 13:24 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-29 13:24 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-29 13:24 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-29 13:24 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-29 11:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-29 11:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-29 11:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-29 11:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-29 11:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-29 11:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-29 11:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-29 11:03 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-29 11:03 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 12:15 . 2012-06-23 12:15 -------- d-----w- C:\ARC

2012-06-21 19:29 . 2012-06-26 21:16 -------- d-----w- c:\program files (x86)\ERUNT

2012-06-12 13:39 . 2012-06-12 13:39 -------- d-----w- c:\users\John\AppData\Roaming\iolo

2012-06-12 13:39 . 2012-06-12 13:39 -------- d-----w- c:\programdata\iolo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-29 11:02 . 2012-05-09 21:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-29 11:02 . 2011-06-11 14:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-24 10:18 . 2012-05-23 19:06 4101392 ----a-w- c:\windows\uninst.exe

2012-05-12 20:40 . 2012-05-12 20:40 16384 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe

2012-05-10 11:25 . 2012-05-10 11:25 56 ----a-w- c:\windows\system32\SupportTool.exe.bat

2012-05-04 18:29 . 2012-05-12 14:08 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-04 18:29 . 2012-05-12 14:08 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]

2012-02-20 03:34 342232 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert\prxtbWise.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 257224]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-05-09 30192]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1255736]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]

S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2011-08-02 67344]

S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2011-08-02 210704]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 11:02]

.

2012-01-11 c:\windows\Tasks\FileCure Default.job

- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]

.

2012-07-10 c:\windows\Tasks\FileCure Startup.job

- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 14:25]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 14:25]

.

2012-07-08 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-05-22 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80135&lng=en

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

AddRemove-Excel - g:\office\Setup\AcmeXl.exe

AddRemove-Lexmark Z500-Z600 Series - c:\program files (x86) (x86)\Lexmark Z500-Z600 Series\Install\x64\Uninst.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-276842375-2578982421-1398554826-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):44,6a,da,36,b1,79,8e,80,95,9a,4e,c3,0e,d9,26,45,64,eb,f4,c0,01,

01,92,81,d1,c0,02,18,94,4f,60,2b,ea,47,f1,b3,90,b5,58,b5,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-276842375-2578982421-1398554826-1001_Classes\Wow6432Node\CLSID\{a4ff78c5-ad40-42e2-90b2-70a0a8a854a8}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000a0

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,9c,f5,cb,2c,af,d6,12,76,f2,19,3f,57,1d,c6,30,3f,ca,17,f5,bc,41,f8,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

.

**************************************************************************

.

Completion time: 2012-07-10 15:36:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-10 14:36

.

Pre-Run: 92,228,927,488 bytes free

Post-Run: 91,461,296,128 bytes free

.

- - End Of File - - 30C7F2A4245EB89D80AF20CD9BC1A9BD

July 9, 2012

Of course I am still with you. I very much value your help. I hope to run the TFC & Combofix tools tomorrow and you should receive the results shortly..

Computer technology is not a science that I have much knowledge of and , therefore, I try to be very careful to follow instructions correctly. I get the impression that if things go wrong during these tests,say I don't get the expected response to a particular step, I might not be able to recover from that situation. Hopefully no such problems will, arise but it will take me a little longer to carry out the tests.

Many thanks for your continuing help,

JJMAC

July 6, 2012

When I clicked on the link to download the TFC by oldtimer program I received the following warning: Dangerous Page.

http://oldtimer.geekstogo/Tec.exe Trend Micro (my antivirus program) has confirmed that this web site can transmit malicious software or has been involved in online scams or fraud. A button is preovided which I could click to open the blocked page despite the risk. I was on the point of clicking the button when I began to wonder if it could be possible that someone was masquerading as your goodself and that I should not proceed until I had your assurance that it was safe to do so..

Please may I have that assurance.

Thank you.

July 2, 2012

Maurice

I have completed all of the tests comprising Step 6. I tried but was unable to send all of the Logs/reports in a single post. I had to divide the data into smaller portions for transmission in separate posts. You have received Post1 & 2. Portion of the extras.txt log and the checkup.txt are outstanding. Yesterday I was unable to send Posts 3 & 4 because there was no submit button displayed. Maybe I am not allowed to send a reply to myself. I will attempt to include the missing data in this message.

Spy Hunter is not listed in Programs and Features and I have never used it. I occasionally google to enquire if such an such a program is malware & SpyHunter might be one such program. If it is on my computer it must be hidden.

Io1o. The name means nothing to me . I have not the slightest idea of what it is.

System Mechanic. I have never used System Mechanic.

Uniblue has been popping up on my desktop for some time seeking permission to go on the internet. I have always refused such permission. I do have a driver genius program which I purchased but I have not used it on this laptop. I don’t know how uniblue got on my hard disk. I have now removed it.

I am not in the habit of using registry cleaners or optimisers.

The following are two NBAM logs, one in May which shows the 2 infected files and the other is a current log. I am also attaching POST 3 which includes all of the

Outstanding test results in step 6.

COPY OF MBAM LOG IN MAY WHEN 2 VIRUSES WERE FOUND AND REMOVED

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.16.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-TOSH [administrator]

16/05/2012 21:16:38

mbam-log-2012-05-16 (21-16-38).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 205665

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\John\Downloads\PCPerformer_GG.exe.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Users\John\Local Settings\Temporary Internet Files\Silverlight.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

COPY OF MBAM SCAN CARRIED OUT ON 2/7/12

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.29.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-TOSH [administrator]

02/07/2012 15:14:06

mbam-log-2012-07-02 (15-14-06).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 216137

Time elapsed: 13 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

POST 3 (STEP6 RESULTS CONTINUED)

[{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications"

Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree

"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup

"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals

"{9168d95f-e754-422e-acde-f2b098122816}" = Nero 9 Essentials

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure

"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook

"Excel" = Microsoft Excel 97

"Google Desktop" = Google Desktop

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MSMONEYV50" = Microsoft Money 5.0

"TOSHIBA Game Console" = WildTangent ORB Game Console

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"WiseConvert Toolbar" = WiseConvert Toolbar

"Word8.0" = Microsoft Word 97

"WT083877" = Chuzzle Deluxe

"WT083890" = Zuma Deluxe

"WT083910" = Jewel Quest II

"WT083916" = Diner Dash 2 Restaurant Rescue

"WT083925" = Plants vs. Zombies

"WT083929" = Bejeweled 2 Deluxe

"WT083945" = FATE

"WT083958" = Penguins!

"WT083959" = Polar Bowler

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/22/2012 2:21:10 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x063e0260 Faulting

process id: 0x6bc Faulting application start time: 0x01cd50a2ffe69f92 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 09fad75d-bc97-11e1-ba0d-00266c7bf904

Error - 6/23/2012 7:03:32 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x063d0260 Faulting

process id: 0xa84 Faulting application start time: 0x01cd512c687ebb3e Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 1188f940-bd23-11e1-b0fa-00266c7bf904

Error - 6/23/2012 8:06:54 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x071a0260 Faulting

process id: 0x618 Faulting application start time: 0x01cd51384bd147d2 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: eba528c1-bd2b-11e1-b0fa-00266c7bf904

Error - 6/23/2012 8:57:22 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033792 Faulting

process id: 0xf84 Faulting application start time: 0x01cd5138c795f0cc Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\ntdll.dll Report Id: f8bd131a-bd32-11e1-b0fa-00266c7bf904

Error - 6/23/2012 9:02:25 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x073c0260 Faulting

process id: 0x1428 Faulting application start time: 0x01cd513fc135f5cf Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: acf44d93-bd33-11e1-b0fa-00266c7bf904

Error - 6/23/2012 9:32:31 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x03b10260 Faulting

process id: 0x13e8 Faulting application start time: 0x01cd51449ee3718d Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: e184b9df-bd37-11e1-b0fa-00266c7bf904

Error - 6/23/2012 9:51:29 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x06600260 Faulting

process id: 0x75c Faulting application start time: 0x01cd51450cbf93d2 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 883cf5fd-bd3a-11e1-b0fa-00266c7bf904

Error - 6/23/2012 2:26:46 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x05d60260 Faulting

process id: 0x808 Faulting application start time: 0x01cd516dbd68ae4d Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: fcea2843-bd60-11e1-b0fa-00266c7bf904

Error - 6/23/2012 2:42:18 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x04e10260 Faulting

process id: 0xa60 Faulting application start time: 0x01cd516fe4264b36 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 286ce719-bd63-11e1-b0fa-00266c7bf904

Error - 6/23/2012 5:34:31 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x05e60260 Faulting

process id: 0x1448 Faulting application start time: 0x01cd5187e0b53913 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 37900b5e-bd7b-11e1-b0fa-00266c7bf904

[ Media Center Events ]

Error - 5/31/2011 3:31:41 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 20:28:49 - Error connecting to the internet. 20:28:49 - Unable

to contact server..

Error - 6/21/2011 7:09:00 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 00:09:00 - Error connecting to the internet. 00:09:00 - Unable

to contact server..

Error - 6/21/2011 7:09:11 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 00:09:05 - Error connecting to the internet. 00:09:05 - Unable

to contact server..

Error - 6/26/2011 7:34:31 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 12:34:26 - Error connecting to the internet. 12:34:26 - Unable

to contact server..

Error - 6/26/2011 8:34:44 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 13:34:41 - Error connecting to the internet. 13:34:41 - Unable

to contact server..

Error - 6/26/2011 9:34:57 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 14:34:51 - Error connecting to the internet. 14:34:51 - Unable

to contact server..

Error - 6/26/2011 10:35:05 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 15:35:03 - Error connecting to the internet. 15:35:03 - Unable

to contact server..

Error - 12/6/2011 5:19:14 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 21:19:14 - Error connecting to the internet. 21:19:14 - Unable

to contact server..

Error - 12/6/2011 5:19:24 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 21:19:19 - Error connecting to the internet. 21:19:19 - Unable

to contact server..

Error - 2/11/2012 2:42:26 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 18:42:20 - Error connecting to the internet. 18:42:20 - Unable

to contact server..

[ System Events ]

Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = DCOM | ID = 10005

Description =

Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Modules Installer service to connect.

Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7000

Description = The Windows Modules Installer service failed to start due to the following

error: %%1053

Error - 3/15/2012 9:00:47 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 3/15/2012 9:44:28 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 3/15/2012 9:44:29 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 3/15/2012 9:44:30 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 3/15/2012 5:11:24 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 3/16/2012 12:33:57 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Wlansvc service.

Error - 3/16/2012 6:21:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Wlansvc service.

< End of report > END OF EXTRAS FILE

SECURITY CHECK

Screen317 (p41)

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

JavaFX 2.1.0

Java 7 Update 4

Out of date Java installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Toshiba TOSHIBA Online Product Information TOPI.exe

Trend Micro AMSP coreServiceShell.exe

Trend Micro UniClient UiFrmWrk uiWatchDog.exe

Trend Micro AMSP coreFrameworkHost.exe

Trend Micro UniClient UiFrmWrk uiSeAgnt.exe

Trend Micro Titanium UIFramework uiWinMgr.exe

``````````End of Log````````````

There appear to be an awful lot of faults/errors recorded in Extras.txt. The most common fault that I am aware of occurs when I exit from a web site I get an error message to say that Internet Explorer had stopped working. Not too bad when it happens at the end of a session but sometimes it happens in the middle of a session.

The above logs refer only to my Laptop.

My desktop computer was more severely infected. Following your advice I notified about a dozen financial institutions (including two banks with whom I have internet accounts) that I could be at risk of identity theft and asked them to put a watch on my account and to notify me of any suspicious activity taking place.

Most have provided me with a special password which would have to be quoted before they would process any transactions. There was a period of about 10 days between the first symptoms of the virus and its removal by malwarebytes following which I continued using the computer for a further 3 to4 weeks before I closed it down (stopped connecting to the internet). There was therefore a period of 5 to 6 weeks during which a hacker could have access to my private data. I have so far not received any report of suspicious activity from any quarter. I know that, if private data has been stolen, it could be used at any future date ,perhaps in a years time. Nevertheless I would expect a hacker to attempt to use the data sooner rather than later.

I fully intended to reformat the hard disk, reinstall Windows Vista and all the programs and for peace of mind I will probably do that although it is a task I don’t relish. If the risk could be classified as unlikely or better still highly unlikely I would be prepared to take that risk.

I would appreciate your advice on the following.

If repeated on my Desktop, would the test programs which I have carried out on my Laptop (the 6 steps) give an indication of whether a Trojan had left an open back door.
If these tests would be worthwhile, could the program files be downloaded on my laptop, saved to a USB memory stick, and transferred and run/loaded on my desktop.? I would not like to risk connecting my desktop to the internet while installing and running these programs.

Thanks for your help. It is much appreciated.

JJMAC

July 1, 2012

POST2 (STEP6 RESULTS CONTINUED)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 12:04:40 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/06/29 12:04:39 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/06/29 12:04:39 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/06/29 12:03:33 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/06/29 12:03:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/06/23 13:15:17 | 000,000,000 | ---D | C] -- C:\ARC

[2012/06/21 20:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/06/21 20:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/06/17 13:02:20 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\mbam log

[2012/06/12 14:39:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\iolo

[2012/06/12 14:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/29 21:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/29 21:09:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/29 21:06:20 | 000,741,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/29 21:06:20 | 000,639,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/29 21:06:20 | 000,114,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/29 21:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/29 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2012/06/29 17:22:26 | 000,013,124 | ---- | M] () -- C:\Users\John\Desktop\OTL (2).exe.iltyrrf - Shortcut ().lnk

[2012/06/29 17:21:53 | 000,013,124 | ---- | M] () -- C:\Users\John\Desktop\OTL (1).exe.iltyrrf - Shortcut.lnk

[2012/06/29 17:07:16 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job

[2012/06/29 17:01:23 | 000,002,042 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

[2012/06/29 16:22:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 16:22:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 16:14:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/29 16:14:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job

[2012/06/29 16:14:24 | 1506,783,232 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/29 12:02:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/06/29 12:02:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/06/22 15:38:20 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat

[2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/06/02 13:55:21 | 000,000,762 | ---- | M] () -- C:\Users\John\Desktop\moneyextra portfolio - Shortcut (2).lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/29 17:22:26 | 000,013,124 | ---- | C] () -- C:\Users\John\Desktop\OTL (2).exe.iltyrrf - Shortcut ().lnk

[2012/06/29 17:21:53 | 000,013,124 | ---- | C] () -- C:\Users\John\Desktop\OTL (1).exe.iltyrrf - Shortcut.lnk

[2012/06/22 15:25:35 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat

[2012/06/02 13:55:21 | 000,000,762 | ---- | C] () -- C:\Users\John\Desktop\moneyextra portfolio - Shortcut (2).lnk

[2012/05/10 12:25:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/12/03 17:52:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll

[2011/12/03 17:52:43 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll

[2011/12/03 17:52:43 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll

[2011/12/03 17:52:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll

[2011/12/03 17:52:43 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll

[2011/12/03 17:52:42 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll

[2011/12/03 17:52:42 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll

[2011/12/03 17:52:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll

[2011/12/03 17:52:42 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe

[2011/12/03 17:52:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll

[2011/12/03 17:52:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll

[2011/12/03 17:52:41 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll

[2011/12/03 17:52:41 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll

[2011/12/03 17:52:41 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe

[2011/12/03 17:52:41 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll

[2011/12/03 17:52:41 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe

[2011/12/03 17:52:41 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe

[2011/05/09 17:56:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

========== LOP Check ==========

[2012/06/28 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DMCache

[2012/06/29 11:56:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IDM

[2012/06/12 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iolo

[2012/05/23 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Cleaners

[2012/05/23 20:07:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCPro

[2011/05/10 13:24:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Toshiba

[2011/06/06 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Uniblue

[2011/09/11 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer

[2012/06/29 16:14:44 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job

[2012/01/11 14:36:11 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job

[2012/06/29 17:07:16 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job

[2012/06/29 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2011/05/22 18:46:51 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job

[2012/04/04 17:45:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

EXTRAS.TXT

(p15)

OTL Extras logfile created on: 6/29/2012 9:54:14 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.09% Memory free

3.74 Gb Paging File | 2.25 Gb Available in Paging File | 60.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.21 Gb Total Space | 82.61 Gb Free Space | 71.09% Space Free | Partition Type: NTFS

Drive D: | 116.28 Gb Total Space | 109.18 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: JOHN-TOSH | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{076F53EC-998C-466F-AC90-286BD4A337E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{17064CFB-C1A1-45DB-B218-D583BD5340A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{237E4BEA-7DC7-431F-BA10-86A952651051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{241EDC68-1C89-4DD0-A67D-96C6FAA1E5D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{45AF43B4-F860-4EF1-8302-3FB0ECED8C45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{47063998-C868-43E6-B91E-41915922A22F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5C103E45-6C64-4BCE-A87F-84D085FD611E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5CC14CE3-E0FF-4ECD-9F2A-4E9D986186D3}" = lport=138 | protocol=17 | dir=in | app=system |

"{5D815881-9EE5-4E8C-98A1-84954857697F}" = lport=445 | protocol=6 | dir=in | app=system |

"{6A1B0671-0865-4523-A5A6-CCEB6EB6A790}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6DD60571-CF7C-4A1D-A8DD-846D545338DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{756F1ACD-AC59-4B99-B674-BDC6E644D236}" = lport=137 | protocol=17 | dir=in | app=system |

"{7BEC305B-AC84-49BA-B655-8EC5BDEF02FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{83953A2D-6079-4A94-BC5C-DCB511A951DC}" = rport=445 | protocol=6 | dir=out | app=system |

"{93A9A213-5CA2-4C54-8733-1B6BDCD105D8}" = rport=138 | protocol=17 | dir=out | app=system |

"{950CCD33-6D1A-4408-805F-912FB73C4568}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A3CEA036-DFA2-4E43-99B6-0C8538489210}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A617E2C5-8002-4D67-BD37-EF49E08FD569}" = lport=139 | protocol=6 | dir=in | app=system |

"{ABD48222-5433-469D-AEF9-8D891C175084}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CEF55C4D-6B84-412B-8351-296CA67BFBA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D203FE1A-75DD-4A89-AAC6-4B35EB98FC6E}" = rport=137 | protocol=17 | dir=out | app=system |

"{D96D3AD4-5877-40DD-8283-1560FCEB896C}" = rport=10243 | protocol=6 | dir=out | app=system |

"{E872DE32-C683-4C83-B6DA-843AF65ED7CE}" = rport=139 | protocol=6 | dir=out | app=system |

"{EC9273B3-8CEE-4313-B8D6-9D2C3C2215E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FAB6C4A9-6051-4E23-8285-E1DD7BF686EC}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{104F0B0C-45EB-4B01-8125-4556F66D3802}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{22383C5D-F7B7-48A6-8540-DA5A20EB8E68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{38034D3E-34C1-45A4-B8E8-FD9CEB51D858}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{388FAB54-35DA-4FA2-AA50-D4AA0CB1F461}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3BB2D16E-1EF6-436C-B175-DC650CB11612}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3D00036E-8559-4C8F-B03C-9124384706DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4497794D-EA5E-4243-A587-03E2C70364AB}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |

"{526095A6-077C-4E60-BC2B-0BD6FF00C4A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5F3919FD-953C-4298-BAE7-2A86B21A63B8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6CA296A0-B20E-4A21-9422-997FD15482F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{793C7B9F-EC17-41F8-A56D-223E1F6E588E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{90120EB9-D0FC-47AC-95A0-F3EF5D06E33E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9873B612-C130-4F64-9DBC-7E0164BC62E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |

"{98F6466C-13A8-4427-91B6-817D7D990646}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A7F5E441-5CE0-486C-A2F2-8D65B30220C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{BB6DC2AA-8E0E-4017-9F5C-20D00C3F48CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BF90902D-9CBB-440C-BFFA-191421F9C798}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C071CDD6-8DD3-4B65-92BB-C1159C39D4FA}" = protocol=6 | dir=out | app=system |

"{C86E9DB9-1EB2-4280-9B8D-045C6B019C0E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{C90DEFC7-8881-4D0E-9440-BDE47EBBBB97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CADC6694-1BDF-4034-B65A-B1011BF2ACB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{D72586FC-D178-4890-AAA2-D2A60258F0A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{EB4DE7AC-EE6A-4BD4-9D88-754310DAA3E1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{ECE2FCD9-E795-4D47-B24D-B743C20CE390}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F478A558-CC9B-44EE-972F-FDB01198EEC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FB4C1C70-3C28-4D56-ADF7-2ECD7C65AF97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FDD17834-6543-479A-8A3D-FDFDE9B0EF15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java 6 Update 25 (64-bit)

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

CONTINUED IN PART2

PART2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password

"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO

"{

July 1, 2012

Maurice the log files from step6 tests (OTL.txt,Extras.txt and Security check) are much too large for a single post. I reckon that 4 or more separate posts will be required. This is POST1

OTL.txt

(p1)

OTL logfile created on: 6/29/2012 9:54:14 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.09% Memory free

3.74 Gb Paging File | 2.25 Gb Available in Paging File | 60.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.21 Gb Total Space | 82.61 Gb Free Space | 71.09% Space Free | Partition Type: NTFS

Drive D: | 116.28 Gb Total Space | 109.18 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: JOHN-TOSH | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 21:52:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL (3).exe

PRC - [2012/02/27 14:44:18 | 001,304,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

PRC - [2012/02/10 11:28:06 | 000,425,240 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe

PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011/05/16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe

PRC - [2010/03/03 12:47:38 | 004,581,280 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe

PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

PRC - [1996/12/09 00:00:00 | 005,317,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

PRC - [1996/12/09 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

PRC - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

========== Modules (No Company Name) ==========

MOD - [2012/02/27 14:44:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll

MOD - [2012/02/27 14:44:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll

MOD - [2011/05/09 22:08:45 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll

MOD - [1996/12/09 00:00:00 | 005,317,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

MOD - [1996/12/09 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL

MOD - [1996/12/09 00:00:00 | 001,157,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WWINTL32.DLL

MOD - [1996/12/09 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

MOD - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

MOD - [1996/12/04 00:00:00 | 000,138,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Proof\MSSP232.DLL

MOD - [1996/12/04 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\SysWOW64\DOCOBJ.DLL

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/29 12:02:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/11 02:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)

SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/12/04 03:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/02 21:45:04 | 000,210,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)

DRV:64bit: - [2011/08/02 21:45:04 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2011/08/02 21:45:04 | 000,067,344 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)

DRV:64bit: - [2011/07/12 12:13:40 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2011/07/12 12:13:30 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2011/07/12 12:13:20 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/04 17:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/01/18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3C0BD74D-01B4-4C98-9CA6-0A6110C0497A}

IE:64bit: - HKLM\..\SearchScopes\{3C0BD74D-01B4-4C98-9CA6-0A6110C0497A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {4D3C6FF1-71E0-43B4-9124-B8B15F7ABD52}

IE - HKLM\..\SearchScopes\{4D3C6FF1-71E0-43B4-9124-B8B15F7ABD52}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com...id=80135&lng=en

IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {70D46D94-BF1E-45ED-B567-48701376298E}

IE - HKCU\..\SearchScopes\{4620AB18-4D95-44EE-817F-728D358E17B9}: "URL" = http://rover.ebay.co...e={searchTerms}

IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://localhost:466...q={searchTerms}

IE - HKCU\..\SearchScopes\{73AF4F8A-1535-4D53-BBFE-50EA6E6440AB}: "URL" = http://uk.search.yah...p={SearchTerms}

IE - HKCU\..\SearchScopes\{AE073DB1-45B8-4428-9E30-A8376DE899B9}: "URL" = http://www.amazon.co...ed&linkCode=ur2

IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80135&lng=en

IE - HKCU\..\SearchScopes\{FEAA3532-8439-43C6-97CD-054C5632F2D4}: "URL" = http://search.condui...&ctid=CT3196716

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/10 13:32:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012/03/15 13:59:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/06/29 11:56:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/06/29 11:56:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\John\AppData\Roaming\IDM\idmmzcc5

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [siteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)

O4 - HKCU..\Run: [MoneyAgent] C:\Program Files (x86)\Microsoft Money\System\Money Express.exe (Microsoft Corporation)

O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631}: DhcpNameServer = 10.239.24.5

O18:64bit: - Protocol\Handler\inbox - No CLSID value found

June 28, 2012

Maurice

Running through step5 again I found that the randomized name of the GMER program had changed to qh91ngy0 and was stored in my download folder (the default location for downloads on this computer). Run qh91ngy0.exe as administrator. The GMER window opens. Click Rootkill/malware, unclick registry (all items are unclicked except Services,Files & ADS) then click Scan. The scan took 20 minutes to complete.

When completed a message appeared to say GMER hasn’t found any system modification. There doesn’t appear to be any Gmer log produced to copy & save in the ARC folder.

Is the above a positive result or does it suggest a fault in the test procedure has occurred?. I think that I have followed the test procedure accurately.

Please advise

June 23, 2012

Many thanks Maurice for your further help.

The following are the aswMBA report & the TDSSKiller log.

I request a little help with steps 5&6. Please.

In step5 where I am instructed to go Here and click the Download exe button & save the file to ARK folder. When I click on Here a new window opens entitled View Downloads-Windows -Internet Explorer . I don’t see a Download exe button. Three files with a run button, ug8ig8q2.exe, tdsskiller.exe & aswMBR.exe are listed therein in addition to OTL.exe which had two buttons, one for run and one for save. I clicked on the save button and got a warning message to say that this program is not commonly downloaded and could harm your computer. Not knowing precisely what I was about I decided to proceed no further until I received clarification of the proceedure.

I may also have a problem with step6. When I click on the OTL.exe link the view downloads box as in step5 reopens. Is that the correct response?. Where will I find the Windows7 icon.?

I am sorry if I am asking stupid questions but at 82+ I am not as sharp as I once was.

Thanks in anticipation,

JJMAC

AswMBR Report

Run date: 2012-06-22 15:20:16

-----------------------------

15:20:16.607 OS Version: Windows x64 6.1.7601 Service Pack 1

15:20:16.607 Number of processors: 1 586 0x170A

15:20:16.607 ComputerName: JOHN-TOSH UserName: John

15:20:20.289 Initialize success

15:20:29.196 AVAST engine defs: 12062101

15:21:38.788 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:21:38.788 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3

15:21:38.803 Disk 0 MBR read successfully

15:21:38.803 Disk 0 MBR scan

15:21:38.819 Disk 0 Windows 7 default MBR code

15:21:38.835 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048

15:21:38.850 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119001 MB offset 821248

15:21:38.881 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119072 MB offset 244535296

15:21:38.944 Disk 0 scanning C:\Windows\system32\drivers

15:22:03.077 Service scanning

15:22:36.929 Modules scanning

15:22:36.929 Scan finished successfully

15:25:35.783 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"

15:25:35.799 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

Note: On completion of the scan the fix button was not enabled.

TDSSKiller log

19:22:08.0939 1584 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

19:22:09.0500 1584 ============================================================

19:22:09.0500 1584 Current date / time: 2012/06/22 19:22:09.0500

19:22:09.0500 1584 SystemInfo:

19:22:09.0500 1584

19:22:09.0500 1584 OS Version: 6.1.7601 ServicePack: 1.0

19:22:09.0500 1584 Product type: Workstation

19:22:09.0500 1584 ComputerName: JOHN-TOSH

19:22:09.0500 1584 UserName: John

19:22:09.0500 1584 Windows directory: C:\Windows

19:22:09.0500 1584 System windows directory: C:\Windows

19:22:09.0500 1584 Running under WOW64

19:22:09.0500 1584 Processor architecture: Intel x64

19:22:09.0500 1584 Number of processors: 1

19:22:09.0500 1584 Page size: 0x1000

19:22:09.0500 1584 Boot type: Normal boot

19:22:09.0500 1584 ============================================================

19:22:09.0968 1584 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:22:09.0968 1584 ============================================================

19:22:09.0968 1584 \Device\Harddisk0\DR0:

19:22:09.0968 1584 MBR partitions:

19:22:09.0968 1584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0xE86C800

19:22:09.0968 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE935000, BlocksNum 0xE890170

19:22:09.0968 1584 ============================================================

19:22:10.0000 1584 C: <-> \Device\Harddisk0\DR0\Partition0

19:22:10.0046 1584 D: <-> \Device\Harddisk0\DR0\Partition1

19:22:10.0046 1584 ============================================================

19:22:10.0046 1584 Initialize success

19:22:10.0046 1584 ============================================================

19:23:16.0300 3524 ============================================================

19:23:16.0300 3524 Scan started

19:23:16.0300 3524 Mode: Manual; SigCheck; TDLFS;

19:23:16.0300 3524 ============================================================

19:23:17.0548 3524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:23:17.0641 3524 1394ohci - ok

19:23:17.0719 3524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:23:17.0750 3524 ACPI - ok

19:23:17.0813 3524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:23:17.0844 3524 AcpiPmi - ok

19:23:18.0000 3524 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:23:18.0016 3524 AdobeFlashPlayerUpdateSvc - ok

19:23:18.0094 3524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:23:18.0140 3524 adp94xx - ok

19:23:18.0203 3524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:23:18.0234 3524 adpahci - ok

19:23:18.0265 3524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:23:18.0281 3524 adpu320 - ok

19:23:18.0343 3524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:23:18.0390 3524 AeLookupSvc - ok

19:23:18.0452 3524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:23:18.0499 3524 AFD - ok

19:23:18.0546 3524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:23:18.0562 3524 agp440 - ok

19:23:18.0624 3524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:23:18.0640 3524 ALG - ok

19:23:18.0702 3524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:23:18.0718 3524 aliide - ok

19:23:18.0749 3524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:23:18.0780 3524 amdide - ok

19:23:18.0811 3524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:23:18.0842 3524 AmdK8 - ok

19:23:18.0858 3524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:23:18.0889 3524 AmdPPM - ok

19:23:18.0952 3524 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

19:23:18.0983 3524 amdsata - ok

19:23:19.0014 3524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:23:19.0030 3524 amdsbs - ok

19:23:19.0092 3524 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

19:23:19.0108 3524 amdxata - ok

19:23:19.0295 3524 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

19:23:19.0342 3524 Amsp - ok

19:23:19.0388 3524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:23:19.0451 3524 AppID - ok

19:23:19.0498 3524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:23:19.0544 3524 AppIDSvc - ok

19:23:19.0622 3524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:23:19.0669 3524 Appinfo - ok

19:23:19.0716 3524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:23:19.0732 3524 arc - ok

19:23:19.0747 3524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:23:19.0778 3524 arcsas - ok

19:23:19.0810 3524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:23:19.0856 3524 AsyncMac - ok

19:23:19.0903 3524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:23:19.0919 3524 atapi - ok

19:23:20.0028 3524 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys

19:23:20.0075 3524 athr - ok

19:23:20.0215 3524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:23:20.0309 3524 AudioEndpointBuilder - ok

19:23:20.0324 3524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:23:20.0387 3524 AudioSrv - ok

19:23:20.0465 3524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:23:20.0496 3524 AxInstSV - ok

19:23:20.0574 3524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:23:20.0621 3524 b06bdrv - ok

19:23:20.0683 3524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:23:20.0714 3524 b57nd60a - ok

19:23:21.0136 3524 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

19:23:21.0182 3524 BBSvc - ok

19:23:21.0276 3524 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

19:23:21.0292 3524 BBUpdate - ok

19:23:21.0370 3524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:23:21.0401 3524 BDESVC - ok

19:23:21.0463 3524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:23:21.0510 3524 Beep - ok

19:23:21.0588 3524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:23:21.0650 3524 BFE - ok

19:23:21.0822 3524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:23:21.0900 3524 BITS - ok

19:23:21.0947 3524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:23:21.0978 3524 blbdrive - ok

19:23:22.0025 3524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:23:22.0056 3524 bowser - ok

19:23:22.0087 3524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:23:22.0118 3524 BrFiltLo - ok

19:23:22.0118 3524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:23:22.0150 3524 BrFiltUp - ok

19:23:22.0181 3524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:23:22.0228 3524 Browser - ok

19:23:22.0399 3524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:23:22.0446 3524 Brserid - ok

19:23:22.0462 3524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:23:22.0493 3524 BrSerWdm - ok

19:23:22.0508 3524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:23:22.0540 3524 BrUsbMdm - ok

19:23:22.0555 3524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:23:22.0571 3524 BrUsbSer - ok

19:23:22.0586 3524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:23:22.0618 3524 BTHMODEM - ok

19:23:22.0680 3524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:23:22.0727 3524 bthserv - ok

19:23:22.0836 3524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:23:22.0883 3524 cdfs - ok

19:23:22.0945 3524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

19:23:22.0976 3524 cdrom - ok

19:23:23.0023 3524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:23:23.0070 3524 CertPropSvc - ok

19:23:23.0195 3524 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

19:23:23.0226 3524 cfWiMAXService - ok

19:23:23.0257 3524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:23:23.0288 3524 circlass - ok

19:23:23.0351 3524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:23:23.0366 3524 CLFS - ok

19:23:23.0429 3524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:23:23.0444 3524 clr_optimization_v2.0.50727_32 - ok

19:23:23.0491 3524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:23:23.0522 3524 clr_optimization_v2.0.50727_64 - ok

19:23:23.0632 3524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:23:23.0647 3524 clr_optimization_v4.0.30319_32 - ok

19:23:23.0678 3524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:23:23.0694 3524 clr_optimization_v4.0.30319_64 - ok

19:23:23.0725 3524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:23:23.0756 3524 CmBatt - ok

19:23:23.0788 3524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:23:23.0803 3524 cmdide - ok

19:23:23.0866 3524 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

19:23:23.0912 3524 CNG - ok

19:23:23.0990 3524 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys

19:23:24.0037 3524 CnxtHdAudService - ok

19:23:24.0068 3524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:23:24.0084 3524 Compbatt - ok

19:23:24.0146 3524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:23:24.0178 3524 CompositeBus - ok

19:23:24.0209 3524 COMSysApp - ok

19:23:24.0287 3524 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

19:23:24.0302 3524 ConfigFree Service - ok

19:23:24.0349 3524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:23:24.0365 3524 crcdisk - ok

19:23:24.0427 3524 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

19:23:24.0458 3524 CryptSvc - ok

19:23:24.0536 3524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:23:24.0583 3524 DcomLaunch - ok

19:23:24.0958 3524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:23:25.0020 3524 defragsvc - ok

19:23:25.0067 3524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:23:25.0114 3524 DfsC - ok

19:23:25.0176 3524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:23:25.0223 3524 Dhcp - ok

19:23:25.0285 3524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:23:25.0332 3524 discache - ok

19:23:25.0379 3524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:23:25.0394 3524 Disk - ok

19:23:25.0457 3524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:23:25.0472 3524 Dnscache - ok

19:23:25.0550 3524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:23:25.0597 3524 dot3svc - ok

19:23:25.0691 3524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:23:25.0738 3524 DPS - ok

19:23:25.0800 3524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:23:25.0831 3524 drmkaud - ok

19:23:25.0909 3524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:23:25.0956 3524 DXGKrnl - ok

19:23:26.0003 3524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:23:26.0065 3524 EapHost - ok

19:23:26.0221 3524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:23:26.0346 3524 ebdrv - ok

19:23:26.0471 3524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:23:26.0502 3524 EFS - ok

19:23:26.0596 3524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:23:26.0642 3524 ehRecvr - ok

19:23:26.0674 3524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:23:26.0705 3524 ehSched - ok

19:23:26.0767 3524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:23:26.0814 3524 elxstor - ok

19:23:26.0845 3524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:23:26.0876 3524 ErrDev - ok

19:23:26.0986 3524 esgiguard - ok

19:23:27.0282 3524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:23:27.0344 3524 EventSystem - ok

19:23:27.0391 3524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:23:27.0438 3524 exfat - ok

19:23:27.0469 3524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:23:27.0516 3524 fastfat - ok

19:23:27.0610 3524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:23:27.0656 3524 Fax - ok

19:23:27.0672 3524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:23:27.0703 3524 fdc - ok

19:23:27.0750 3524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:23:27.0812 3524 fdPHost - ok

19:23:27.0828 3524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:23:27.0875 3524 FDResPub - ok

19:23:27.0906 3524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:23:27.0922 3524 FileInfo - ok

19:23:27.0953 3524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:23:28.0000 3524 Filetrace - ok

19:23:28.0031 3524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:23:28.0078 3524 flpydisk - ok

19:23:28.0140 3524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:23:28.0171 3524 FltMgr - ok

19:23:28.0280 3524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:23:28.0312 3524 FontCache - ok

19:23:28.0405 3524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:23:28.0421 3524 FontCache3.0.0.0 - ok

19:23:28.0468 3524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:23:28.0483 3524 FsDepends - ok

19:23:28.0514 3524 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:23:28.0530 3524 Fs_Rec - ok

19:23:28.0592 3524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:23:28.0624 3524 fvevol - ok

19:23:28.0686 3524 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys

19:23:28.0702 3524 FwLnk - ok

19:23:28.0795 3524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:23:28.0811 3524 gagp30kx - ok

19:23:28.0904 3524 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

19:23:28.0936 3524 GameConsoleService - ok

19:23:29.0029 3524 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

19:23:29.0045 3524 GoogleDesktopManager-051210-111108 - ok

19:23:29.0138 3524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:23:29.0185 3524 gpsvc - ok

19:23:29.0294 3524 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:23:29.0310 3524 gupdate - ok

19:23:29.0341 3524 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:23:29.0357 3524 gupdatem - ok

19:23:29.0404 3524 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:23:29.0419 3524 gusvc - ok

19:23:29.0513 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:23:29.0544 3524 hcw85cir - ok

19:23:29.0622 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:23:29.0653 3524 HdAudAddService - ok

19:23:29.0700 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:23:29.0731 3524 HDAudBus - ok

19:23:29.0778 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:23:29.0794 3524 HidBatt - ok

19:23:29.0809 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:23:29.0840 3524 HidBth - ok

19:23:29.0856 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:23:29.0872 3524 HidIr - ok

19:23:29.0918 3524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:23:29.0965 3524 hidserv - ok

19:23:30.0028 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

19:23:30.0043 3524 HidUsb - ok

19:23:30.0090 3524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:23:30.0137 3524 hkmsvc - ok

19:23:30.0184 3524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:23:30.0215 3524 HomeGroupListener - ok

19:23:30.0262 3524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:23:30.0277 3524 HomeGroupProvider - ok

19:23:30.0340 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:23:30.0355 3524 HpSAMD - ok

19:23:30.0418 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:23:30.0480 3524 HTTP - ok

19:23:30.0511 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:23:30.0527 3524 hwpolicy - ok

19:23:30.0558 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:23:30.0574 3524 i8042prt - ok

19:23:30.0636 3524 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys

19:23:30.0652 3524 iaStor - ok

19:23:30.0730 3524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:23:30.0745 3524 iaStorV - ok

19:23:30.0886 3524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:23:30.0901 3524 idsvc - ok

19:23:31.0369 3524 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:23:31.0541 3524 igfx - ok

19:23:31.0650 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:23:31.0666 3524 iirsp - ok

19:23:31.0744 3524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:23:31.0806 3524 IKEEXT - ok

19:23:31.0853 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:23:31.0868 3524 intelide - ok

19:23:31.0915 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:23:31.0946 3524 intelppm - ok

19:23:32.0024 3524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:23:32.0087 3524 IPBusEnum - ok

19:23:32.0274 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:23:32.0321 3524 IpFilterDriver - ok

19:23:32.0648 3524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:23:32.0711 3524 iphlpsvc - ok

19:23:32.0820 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:23:32.0851 3524 IPMIDRV - ok

19:23:33.0007 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:23:33.0054 3524 IPNAT - ok

19:23:33.0101 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:23:33.0132 3524 IRENUM - ok

19:23:33.0163 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:23:33.0179 3524 isapnp - ok

19:23:33.0241 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:23:33.0257 3524 iScsiPrt - ok

19:23:33.0304 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

19:23:33.0319 3524 kbdclass - ok

19:23:33.0350 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

19:23:33.0382 3524 kbdhid - ok

19:23:33.0428 3524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:33.0460 3524 KeyIso - ok

19:23:33.0491 3524 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

19:23:33.0522 3524 KSecDD - ok

19:23:33.0569 3524 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

19:23:33.0584 3524 KSecPkg - ok

19:23:33.0631 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:23:33.0694 3524 ksthunk - ok

19:23:33.0756 3524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:23:33.0803 3524 KtmRm - ok

19:23:33.0850 3524 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys

19:23:33.0865 3524 L1C - ok

19:23:33.0928 3524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:23:33.0974 3524 LanmanServer - ok

19:23:34.0021 3524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:23:34.0068 3524 LanmanWorkstation - ok

19:23:34.0099 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:23:34.0146 3524 lltdio - ok

19:23:34.0193 3524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:23:34.0240 3524 lltdsvc - ok

19:23:34.0255 3524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:23:34.0318 3524 lmhosts - ok

19:23:34.0364 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:23:34.0380 3524 LSI_FC - ok

19:23:34.0396 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:23:34.0427 3524 LSI_SAS - ok

19:23:34.0442 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:23:34.0458 3524 LSI_SAS2 - ok

19:23:34.0489 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:23:34.0505 3524 LSI_SCSI - ok

19:23:34.0645 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:23:34.0708 3524 luafv - ok

19:23:34.0879 3524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:23:34.0910 3524 Mcx2Svc - ok

19:23:34.0957 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:23:34.0988 3524 megasas - ok

19:23:35.0082 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:23:35.0098 3524 MegaSR - ok

19:23:35.0144 3524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:23:35.0191 3524 MMCSS - ok

19:23:35.0222 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:23:35.0285 3524 Modem - ok

19:23:35.0300 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:23:35.0332 3524 monitor - ok

19:23:35.0378 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

19:23:35.0394 3524 mouclass - ok

19:23:35.0425 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:23:35.0441 3524 mouhid - ok

19:23:35.0488 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:23:35.0503 3524 mountmgr - ok

19:23:35.0550 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:23:35.0566 3524 mpio - ok

19:23:35.0597 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:23:35.0644 3524 mpsdrv - ok

19:23:35.0722 3524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:23:35.0784 3524 MpsSvc - ok

19:23:35.0815 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:23:35.0846 3524 MRxDAV - ok

19:23:35.0893 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:23:35.0924 3524 mrxsmb - ok

19:23:35.0971 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:23:36.0002 3524 mrxsmb10 - ok

19:23:36.0034 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:23:36.0065 3524 mrxsmb20 - ok

19:23:36.0112 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:23:36.0127 3524 msahci - ok

19:23:36.0174 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:23:36.0190 3524 msdsm - ok

19:23:36.0221 3524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:23:36.0252 3524 MSDTC - ok

19:23:36.0299 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:23:36.0361 3524 Msfs - ok

19:23:36.0392 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:23:36.0439 3524 mshidkmdf - ok

19:23:36.0470 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:23:36.0486 3524 msisadrv - ok

19:23:36.0533 3524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:23:36.0580 3524 MSiSCSI - ok

19:23:36.0595 3524 MSIServer - ok

19:23:36.0626 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:23:36.0673 3524 MSKSSRV - ok

19:23:36.0689 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:23:36.0751 3524 MSPCLOCK - ok

19:23:36.0751 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:23:36.0814 3524 MSPQM - ok

19:23:37.0110 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:23:37.0126 3524 MsRPC - ok

19:23:37.0219 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:23:37.0235 3524 mssmbios - ok

19:23:37.0282 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:23:37.0328 3524 MSTEE - ok

19:23:37.0344 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:23:37.0360 3524 MTConfig - ok

19:23:37.0422 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:23:37.0453 3524 Mup - ok

19:23:37.0796 3524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:23:37.0859 3524 napagent - ok

19:23:37.0906 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:23:37.0937 3524 NativeWifiP - ok

19:23:38.0093 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:23:38.0124 3524 NDIS - ok

19:23:38.0171 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:23:38.0202 3524 NdisCap - ok

19:23:38.0249 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:23:38.0280 3524 NdisTapi - ok

19:23:38.0327 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:23:38.0374 3524 Ndisuio - ok

19:23:38.0420 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:23:38.0467 3524 NdisWan - ok

19:23:38.0498 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:23:38.0545 3524 NDProxy - ok

19:23:38.0670 3524 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

19:23:38.0701 3524 Nero BackItUp Scheduler 4.0 - ok

19:23:38.0748 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:23:38.0795 3524 NetBIOS - ok

19:23:38.0842 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:23:38.0888 3524 NetBT - ok

19:23:38.0935 3524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:38.0951 3524 Netlogon - ok

19:23:39.0013 3524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:23:39.0076 3524 Netman - ok

19:23:39.0107 3524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:23:39.0169 3524 netprofm - ok

19:23:39.0263 3524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:23:39.0294 3524 NetTcpPortSharing - ok

19:23:39.0325 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:23:39.0341 3524 nfrd960 - ok

19:23:39.0403 3524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:23:39.0466 3524 NlaSvc - ok

19:23:39.0544 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:23:39.0606 3524 Npfs - ok

19:23:39.0653 3524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:23:39.0715 3524 nsi - ok

19:23:39.0731 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:23:39.0793 3524 nsiproxy - ok

19:23:40.0433 3524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:23:40.0480 3524 Ntfs - ok

19:23:40.0604 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:23:40.0651 3524 Null - ok

19:23:40.0714 3524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:23:40.0729 3524 nvraid - ok

19:23:40.0760 3524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:23:40.0776 3524 nvstor - ok

19:23:40.0823 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:23:40.0838 3524 nv_agp - ok

19:23:40.0870 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:23:40.0901 3524 ohci1394 - ok

19:23:40.0948 3524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:23:40.0963 3524 p2pimsvc - ok

19:23:41.0026 3524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:23:41.0057 3524 p2psvc - ok

19:23:41.0088 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:23:41.0119 3524 Parport - ok

19:23:41.0166 3524 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

19:23:41.0182 3524 partmgr - ok

19:23:41.0213 3524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:23:41.0244 3524 PcaSvc - ok

19:23:41.0291 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:23:41.0306 3524 pci - ok

19:23:41.0338 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:23:41.0353 3524 pciide - ok

19:23:41.0384 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:23:41.0416 3524 pcmcia - ok

19:23:41.0431 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:23:41.0447 3524 pcw - ok

19:23:41.0478 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:23:41.0540 3524 PEAUTH - ok

19:23:41.0946 3524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:23:41.0962 3524 PerfHost - ok

19:23:42.0102 3524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:23:42.0164 3524 pla - ok

19:23:42.0227 3524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:23:42.0258 3524 PlugPlay - ok

19:23:42.0289 3524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:23:42.0305 3524 PNRPAutoReg - ok

19:23:42.0352 3524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:23:42.0383 3524 PNRPsvc - ok

19:23:42.0445 3524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:23:42.0492 3524 PolicyAgent - ok

19:23:42.0539 3524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:23:42.0586 3524 Power - ok

19:23:42.0664 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:23:42.0710 3524 PptpMiniport - ok

19:23:42.0742 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:23:42.0773 3524 Processor - ok

19:23:42.0835 3524 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

19:23:42.0851 3524 ProfSvc - ok

19:23:42.0898 3524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:42.0929 3524 ProtectedStorage - ok

19:23:42.0976 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:23:43.0022 3524 Psched - ok

19:23:43.0100 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:23:43.0147 3524 ql2300 - ok

19:23:43.0459 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:23:43.0475 3524 ql40xx - ok

19:23:43.0740 3524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:23:43.0771 3524 QWAVE - ok

19:23:43.0787 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:23:43.0818 3524 QWAVEdrv - ok

19:23:43.0834 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:23:43.0896 3524 RasAcd - ok

19:23:43.0943 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:23:43.0990 3524 RasAgileVpn - ok

19:23:44.0114 3524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:23:44.0161 3524 RasAuto - ok

19:23:44.0192 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:23:44.0239 3524 Rasl2tp - ok

19:23:44.0426 3524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:23:44.0473 3524 RasMan - ok

19:23:44.0520 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:23:44.0567 3524 RasPppoe - ok

19:23:44.0582 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:23:44.0629 3524 RasSstp - ok

19:23:44.0926 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:23:44.0988 3524 rdbss - ok

19:23:45.0035 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:23:45.0050 3524 rdpbus - ok

19:23:45.0082 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:23:45.0128 3524 RDPCDD - ok

19:23:45.0160 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:23:45.0206 3524 RDPENCDD - ok

19:23:45.0222 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:23:45.0269 3524 RDPREFMP - ok

19:23:45.0316 3524 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

19:23:45.0347 3524 RDPWD - ok

19:23:45.0394 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:23:45.0425 3524 rdyboost - ok

19:23:45.0456 3524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:23:45.0518 3524 RemoteAccess - ok

19:23:45.0550 3524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:23:45.0596 3524 RemoteRegistry - ok

19:23:45.0643 3524 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys

19:23:45.0659 3524 Revoflt - ok

19:23:45.0706 3524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:23:45.0752 3524 RpcEptMapper - ok

19:23:45.0784 3524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:23:45.0815 3524 RpcLocator - ok

19:23:45.0877 3524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:23:45.0924 3524 RpcSs - ok

19:23:45.0971 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:23:46.0018 3524 rspndr - ok

19:23:46.0096 3524 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys

19:23:46.0127 3524 RSUSBSTOR - ok

19:23:46.0174 3524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:46.0189 3524 SamSs - ok

19:23:46.0220 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:23:46.0236 3524 sbp2port - ok

19:23:46.0267 3524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:23:46.0314 3524 SCardSvr - ok

19:23:46.0361 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:23:46.0408 3524 scfilter - ok

19:23:46.0798 3524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:23:46.0860 3524 Schedule - ok

19:23:46.0907 3524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:23:46.0954 3524 SCPolicySvc - ok

19:23:46.0969 3524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:23:47.0000 3524 SDRSVC - ok

19:23:47.0078 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:23:47.0125 3524 secdrv - ok

19:23:47.0156 3524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:23:47.0203 3524 seclogon - ok

19:23:47.0234 3524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:23:47.0281 3524 SENS - ok

19:23:47.0328 3524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:23:47.0344 3524 SensrSvc - ok

19:23:47.0390 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:23:47.0406 3524 Serenum - ok

19:23:47.0437 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:23:47.0453 3524 Serial - ok

19:23:47.0515 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:23:47.0531 3524 sermouse - ok

19:23:47.0578 3524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:23:47.0624 3524 SessionEnv - ok

19:23:47.0671 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:23:47.0687 3524 sffdisk - ok

19:23:47.0718 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:23:47.0749 3524 sffp_mmc - ok

19:23:47.0780 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:23:47.0796 3524 sffp_sd - ok

19:23:47.0827 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:23:47.0858 3524 sfloppy - ok

19:23:47.0921 3524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:23:47.0968 3524 SharedAccess - ok

19:23:48.0014 3524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:23:48.0077 3524 ShellHWDetection - ok

19:23:48.0092 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:23:48.0108 3524 SiSRaid2 - ok

19:23:48.0155 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:23:48.0170 3524 SiSRaid4 - ok

19:23:48.0217 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:23:48.0264 3524 Smb - ok

19:23:48.0326 3524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:23:48.0342 3524 SNMPTRAP - ok

19:23:48.0389 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:23:48.0404 3524 spldr - ok

19:23:48.0529 3524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:23:48.0592 3524 Spooler - ok

19:23:48.0794 3524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:23:48.0872 3524 sppsvc - ok

19:23:48.0997 3524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:23:49.0044 3524 sppuinotify - ok

19:23:49.0106 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:23:49.0138 3524 srv - ok

19:23:49.0185 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:23:49.0216 3524 srv2 - ok

19:23:49.0247 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:23:49.0278 3524 srvnet - ok

19:23:49.0325 3524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:23:49.0372 3524 SSDPSRV - ok

19:23:49.0403 3524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:23:49.0465 3524 SstpSvc - ok

19:23:49.0497 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:23:49.0512 3524 stexstor - ok

19:23:49.0606 3524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:23:49.0637 3524 stisvc - ok

19:23:49.0668 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:23:49.0684 3524 swenum - ok

19:23:49.0746 3524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:23:49.0824 3524 swprv - ok

19:23:49.0871 3524 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys

19:23:49.0902 3524 SynTP - ok

19:23:50.0043 3524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:23:50.0121 3524 SysMain - ok

19:23:50.0245 3524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:23:50.0292 3524 TabletInputService - ok

19:23:50.0339 3524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:23:50.0401 3524 TapiSrv - ok

19:23:50.0448 3524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:23:50.0511 3524 TBS - ok

19:23:50.0698 3524 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

19:23:50.0745 3524 Tcpip - ok

19:23:50.0932 3524 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

19:23:50.0994 3524 TCPIP6 - ok

19:23:51.0119 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:23:51.0150 3524 tcpipreg - ok

19:23:51.0213 3524 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys

19:23:51.0228 3524 tdcmdpst - ok

19:23:51.0275 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:23:51.0291 3524 TDPIPE - ok

19:23:51.0353 3524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:23:51.0369 3524 TDTCP - ok

19:23:51.0415 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:23:51.0462 3524 tdx - ok

19:23:51.0634 3524 TemproMonitoringService (1b43fdbfe5a98f6b3d90595c6b2e5277) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

19:23:51.0649 3524 TemproMonitoringService - ok

19:23:51.0759 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:23:51.0774 3524 TermDD - ok

19:23:51.0837 3524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:23:51.0899 3524 TermService - ok

19:23:51.0930 3524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:23:51.0961 3524 Themes - ok

19:23:51.0993 3524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:23:52.0039 3524 THREADORDER - ok

19:23:52.0117 3524 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

19:23:52.0133 3524 TMachInfo - ok

19:23:52.0180 3524 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys

19:23:52.0211 3524 tmactmon - ok

19:23:52.0273 3524 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys

19:23:52.0289 3524 tmcomm - ok

19:23:52.0320 3524 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys

19:23:52.0336 3524 tmeevw - ok

19:23:52.0383 3524 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys

19:23:52.0398 3524 tmevtmgr - ok

19:23:52.0429 3524 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys

19:23:52.0445 3524 tmnciesc - ok

19:23:52.0492 3524 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys

19:23:52.0507 3524 tmtdi - ok

19:23:52.0554 3524 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe

19:23:52.0585 3524 TODDSrv - ok

19:23:52.0710 3524 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

19:23:52.0726 3524 TosCoSrv - ok

19:23:52.0788 3524 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

19:23:52.0804 3524 TOSHIBA HDD SSD Alert Service - ok

19:23:52.0851 3524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:23:52.0913 3524 TrkWks - ok

19:23:53.0007 3524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:23:53.0053 3524 TrustedInstaller - ok

19:23:53.0163 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:23:53.0209 3524 tssecsrv - ok

19:23:53.0272 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:23:53.0287 3524 TsUsbFlt - ok

19:23:53.0334 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:23:53.0381 3524 tunnel - ok

19:23:53.0443 3524 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

19:23:53.0459 3524 TVALZ - ok

19:23:53.0490 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:23:53.0506 3524 uagp35 - ok

19:23:53.0958 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:23:54.0005 3524 udfs - ok

19:23:54.0083 3524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:23:54.0114 3524 UI0Detect - ok

19:23:54.0161 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:23:54.0192 3524 uliagpkx - ok

19:23:54.0255 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

19:23:54.0286 3524 umbus - ok

19:23:54.0317 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:23:54.0348 3524 UmPass - ok

19:23:54.0754 3524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:23:54.0816 3524 upnphost - ok

19:23:54.0957 3524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

19:23:54.0988 3524 usbccgp - ok

19:23:55.0035 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:23:55.0050 3524 usbcir - ok

19:23:55.0113 3524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

19:23:55.0128 3524 usbehci - ok

19:23:55.0175 3524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:23:55.0206 3524 usbhub - ok

19:23:55.0253 3524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

19:23:55.0269 3524 usbohci - ok

19:23:55.0315 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:23:55.0347 3524 usbprint - ok

19:23:55.0471 3524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:23:55.0487 3524 USBSTOR - ok

19:23:55.0534 3524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

19:23:55.0549 3524 usbuhci - ok

19:23:55.0752 3524 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

19:23:55.0783 3524 usbvideo - ok

19:23:55.0846 3524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:23:55.0893 3524 UxSms - ok

19:23:55.0986 3524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:56.0017 3524 VaultSvc - ok

19:23:56.0064 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:23:56.0095 3524 vdrvroot - ok

19:23:56.0657 3524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:23:56.0704 3524 vds - ok

19:23:56.0766 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:23:56.0782 3524 vga - ok

19:23:56.0860 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:23:56.0907 3524 VgaSave - ok

19:23:57.0172 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:23:57.0187 3524 vhdmp - ok

19:23:57.0234 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:23:57.0250 3524 viaide - ok

19:23:57.0375 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:23:57.0390 3524 volmgr - ok

19:23:57.0609 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:23:57.0624 3524 volmgrx - ok

19:23:57.0827 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:23:57.0858 3524 volsnap - ok

19:23:57.0889 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:23:57.0905 3524 vsmraid - ok

19:23:59.0309 3524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:23:59.0387 3524 VSS - ok

19:24:00.0183 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:24:00.0214 3524 vwifibus - ok

19:24:00.0245 3524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:24:00.0276 3524 vwififlt - ok

19:24:00.0292 3524 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

19:24:00.0323 3524 vwifimp - ok

19:24:00.0697 3524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:24:00.0760 3524 W32Time - ok

19:24:00.0838 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:24:00.0869 3524 WacomPen - ok

19:24:00.0931 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:24:00.0978 3524 WANARP - ok

19:24:00.0994 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:24:01.0041 3524 Wanarpv6 - ok

19:24:01.0212 3524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:24:01.0243 3524 WatAdminSvc - ok

19:24:01.0353 3524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:24:01.0399 3524 wbengine - ok

19:24:02.0304 3524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:24:02.0335 3524 WbioSrvc - ok

19:24:02.0616 3524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:24:02.0647 3524 wcncsvc - ok

19:24:02.0694 3524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:24:02.0725 3524 WcsPlugInService - ok

19:24:02.0819 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:24:02.0835 3524 Wd - ok

19:24:02.0975 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:24:03.0006 3524 Wdf01000 - ok

19:24:03.0131 3524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:24:03.0162 3524 WdiServiceHost - ok

19:24:03.0178 3524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:24:03.0209 3524 WdiSystemHost - ok

19:24:03.0303 3524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:24:03.0334 3524 WebClient - ok

19:24:03.0412 3524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:24:03.0459 3524 Wecsvc - ok

19:24:03.0505 3524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:24:03.0552 3524 wercplsupport - ok

19:24:03.0599 3524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:24:03.0646 3524 WerSvc - ok

19:24:03.0708 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:24:03.0755 3524 WfpLwf - ok

19:24:03.0786 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:24:03.0802 3524 WIMMount - ok

19:24:03.0864 3524 WinDefend - ok

19:24:03.0880 3524 WinHttpAutoProxySvc - ok

19:24:04.0192 3524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:24:04.0239 3524 Winmgmt - ok

19:24:04.0878 3524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:24:04.0956 3524 WinRM - ok

19:24:06.0017 3524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:24:06.0079 3524 Wlansvc - ok

19:24:07.0031 3524 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:24:07.0093 3524 wlidsvc - ok

19:24:07.0920 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:24:07.0951 3524 WmiAcpi - ok

19:24:08.0092 3524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:24:08.0170 3524 wmiApSrv - ok

19:24:08.0232 3524 WMPNetworkSvc - ok

19:24:08.0279 3524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:24:08.0295 3524 WPCSvc - ok

19:24:08.0466 3524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:24:08.0497 3524 WPDBusEnum - ok

19:24:08.0529 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:24:08.0575 3524 ws2ifsl - ok

19:24:08.0716 3524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:24:08.0747 3524 wscsvc - ok

19:24:08.0747 3524 WSearch - ok

19:24:10.0447 3524 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

19:24:10.0510 3524 wuauserv - ok

19:24:11.0243 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:24:11.0290 3524 WudfPf - ok

19:24:11.0321 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:24:11.0368 3524 WUDFRd - ok

19:24:11.0493 3524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:24:11.0539 3524 wudfsvc - ok

19:24:11.0867 3524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:24:11.0914 3524 WwanSvc - ok

19:24:11.0976 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:24:14.0269 3524 \Device\Harddisk0\DR0 - ok

19:24:14.0301 3524 Boot (0x1200) (857adc8aa145ed29b100702fb178b13b) \Device\Harddisk0\DR0\Partition0

19:24:14.0316 3524 \Device\Harddisk0\DR0\Partition0 - ok

19:24:14.0347 3524 Boot (0x1200) (68940da91f4f91d95be816d03b3032c6) \Device\Harddisk0\DR0\Partition1

19:24:14.0347 3524 \Device\Harddisk0\DR0\Partition1 - ok

19:24:14.0363 3524 ============================================================

19:24:14.0363 3524 Scan finished

19:24:14.0363 3524 ============================================================

19:24:14.0379 3480 Detected object count: 0

19:24:14.0379 3480 Actual detected object count: 0

19:35:14.0801 3956 Deinitialize success

June 19, 2012

Hallo Maurice

Many thanks for your prompt reply.

As instructed I downloaded DDS and saved it to my desktop. I changed my antivirus program from mcafee internet security to Trend Micro Titanium about 4 weeks ago. In the Trent Micro program I added \desktop\dds.scr to the exception list in which scans and other kinds of monitoring are ignored. After running dds.scr two log files namely (1)DDS.TXT and (2) ATTACH.TXT were created & shown in the DDS window. However, when I closed the DDS window only the DDS log file opened.

There must be something amiss somewhere. Does Malwarebytes have a script blocker? For what it is worth here is the DDS log file.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by John at 11:58:27 on 2012-06-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.888 [GMT 1:00]

.

AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe

C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe

C:\Program Files (x86)\Microsoft Money\System\Money Express.exe

C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files (x86)\SiteRanker\SiteRankTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PC Cleaners\PCCleaners.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80135&lng=en

uDefault_Page_URL = hxxp://toshiba.msn.com

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mWinlogon: Userinit=userinit.exe,