ChrisOfTheOT

Honorary Members

View Profile See their activity

Posts
47
Joined
June 26, 2012
Last visited
January 30, 2015

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by ChrisOfTheOT

Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

1. Java devs kits are now uninstalled. 2. You earlier post also mentions System Restore: Forgive my ignorance but I have restore points set for all drives/partions (except the temp partition). They all show under the System Protection tab (I have no System Restore tab) as ticked. Is it correct to have restore points set for all drives? (I have previously read it is, but...) Also, each restore point is brand new - from boot-up - though I didnt' tell anything to do that. 3. Some years ago I used CCleaner but it was disasterous! (MBR was ruined.) I can't remember how I sorted it but it may have been a full restore using WHS. I only used it that once and forgotten it was there - I uninstalled it a few days ago. 4. SDRV to follow... Thanks Maurice, Chris
- June 29, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Forgot to ask: what is JavaFX? Do I need it? Cheers, Chris
- June 29, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Morning Maurice. Sorry - I'm still depressed! The MS updates seemed to work (?), though very little actually happened other than a quick unpacking or downloading of dll files (I think - it was very quick). It was not a total failure because, under the 'Update' tab in MSE, the 'Definitions last updated' shows as todays. (Previously it showed as the 19th, when in last worked properly.) However, the 'Definitions created on' shows as the 19th still - and MSE still reports that the definitions are out of date. (Watching the progress bar & description, it seems to try and install the update twice - but what do I know?!) Windows Update does the same - after creating a Restore Point it fails after trying to install the MSE updates with the same error code. My Java reports that it's the most up-to-date (according to the test button on the link you posted): Java SE Dev Kit 7, update 5 Java 7, update 5 JavaFX 2.1.1 JavaFX 2.1.1 SDK Windows Insaller Clean Up also shows a Java Auto Updater, which is not in Control Panel. I will never need the Java developments kits, can I just delete them? In Britain, at points like this, we sing forlornly, "Always look on the bright side of life..." Thanks again Maurice, Chris
- June 29, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Hi Maurice - Windows Update continues to work with critical updates (system says it's up to date) but 'optional' MSE definitions do not update (same 80070666 error). It got further this time and seemed to be working but after the 'installing' message appeared, it failed with the above error. I'm getting so depressed! Thanks again for continuing to help. (I'll stay on for while longer tonight.) Cheers, Chris
- June 28, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Thank goodness you're there Maurice - I've missed you. (No, really!) I've done your above fixes: the script flashed a command screen (or something) up for a fraction of a second but I didn't see anything else. The Windows services were all as okay, except 'Remote Procedure Call' which, though checked, was marked 'stopped'. I did not mess with it. (!) Once again, I'm hugely gratefuf for your help Maurice, thank you. Cheers, Chris
- June 28, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

It took about 25 minutes - I hope I did it right. OTL: OTL logfile created on: 28/06/2012 09:03:43 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Chris Burson\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.18% Memory free 6.19 Gb Paging File | 4.97 Gb Available in Paging File | 80.29% Paging File free Paging file location(s): g:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 50.73 Gb Free Space | 50.73% Space Free | Partition Type: NTFS Drive D: | 50.00 Gb Total Space | 41.21 Gb Free Space | 82.43% Space Free | Partition Type: NTFS Drive E: | 82.88 Gb Total Space | 66.85 Gb Free Space | 80.65% Space Free | Partition Type: NTFS Drive F: | 647.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 20.01 Gb Total Space | 16.59 Gb Free Space | 82.91% Space Free | Partition Type: NTFS Drive H: | 50.00 Gb Total Space | 36.36 Gb Free Space | 72.73% Space Free | Partition Type: NTFS Drive I: | 40.00 Gb Total Space | 39.28 Gb Free Space | 98.19% Space Free | Partition Type: NTFS Drive J: | 115.99 Gb Total Space | 115.06 Gb Free Space | 99.20% Space Free | Partition Type: NTFS Computer Name: QOSMIO_G40 | User Name: Chris Burson | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/26 16:51:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/01/10 13:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe PRC - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe PRC - [2011/01/10 13:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe PRC - [2011/01/10 13:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/12/18 13:00:40 | 002,360,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2008/12/12 19:17:34 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2008/12/12 18:56:20 | 000,439,624 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2008/12/11 12:23:38 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2008/11/06 20:25:38 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2008/10/17 15:17:32 | 002,569,544 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2008/10/11 00:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2008/03/10 14:31:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe PRC - [2007/11/14 12:08:48 | 000,027,400 | ---- | M] (UPEK Inc.) -- D:\Program Files\Protector Suite QL\upeksvr.exe PRC - [2007/11/14 11:43:58 | 000,054,024 | ---- | M] (UPEK Inc.) -- D:\Program Files\Protector Suite QL\psqltray.exe PRC - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007/04/10 15:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2001/02/13 00:58:54 | 000,226,720 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office10 Tools\Office10\MSOFFICE.EXE ========== Modules (No Company Name) ========== MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/01/10 13:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc) SRV - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector) SRV - [2011/01/10 13:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient) SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/10/11 00:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008/03/10 14:31:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012/03/07 11:07:02 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2011/01/10 13:29:18 | 000,044,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader) DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio) DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio) DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2008/12/18 15:11:40 | 000,042,752 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008/12/11 19:02:20 | 000,054,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/08/27 19:01:56 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/08/22 14:50:34 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008/03/25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007/11/07 21:57:36 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007/11/01 15:00:00 | 007,630,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/05/02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007/04/14 18:32:34 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007/03/28 15:56:34 | 000,322,816 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ttv500x.sys -- (ttv500x) TOSHIBA PCI TV Tuner(x86) DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2007/01/09 20:00:00 | 000,062,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscir.sys -- (smscir) DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 08:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86) DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006/10/05 23:13:12 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ.SYS -- (TVALZ) DRV - [2005/01/07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {B6633A79-5F75-4E24-9F7A-86D392D5BD6F} IE - HKLM\..\SearchScopes\{B6633A79-5F75-4E24-9F7A-86D392D5BD6F}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{B6633A79-5F75-4E24-9F7A-86D392D5BD6F}: "URL" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/06/22 11:37:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PSQLLauncher] D:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [updatePDRShortCut] d:\Program Files\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B9B49E-D410-4CED-9CEE-91A6F6181FE0}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - D:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation) O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - D:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: E:\Pictures\Aircraft\Jaguar, Harrier & Hawk\794124.jpeg O24 - Desktop BackupWallPaper: E:\Pictures\Aircraft\Jaguar, Harrier & Hawk\794124.jpeg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [1999/03/16 05:49:10 | 000,000,062 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: WudfRd - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfRd - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/27 17:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/27 17:02:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/06/27 12:22:25 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012/06/27 12:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2012/06/26 16:51:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe [2012/06/26 16:21:18 | 000,000,000 | ---D | C] -- C:\ARK [2012/06/22 12:29:23 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/22 12:29:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/22 12:28:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/22 12:28:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/22 12:28:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/22 12:28:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/22 12:28:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012/06/22 12:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/06/22 12:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/06/22 12:24:37 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012/06/22 12:24:37 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012/06/22 12:24:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/06/22 12:24:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/06/22 11:43:22 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/22 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Chris Burson\AppData\Local\temp [2012/06/22 11:37:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/22 11:27:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/22 11:27:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/22 11:27:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/22 11:27:06 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/06/22 11:27:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/22 11:26:56 | 000,000,000 | R--D | C] -- C:\Users\Chris Burson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/06/22 11:26:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/14 09:46:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/06/14 09:46:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/06/14 09:46:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/06/14 09:46:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/06/14 09:46:55 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/06/14 09:46:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/06/14 09:46:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/06/14 09:02:15 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/06/13 10:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012/06/12 12:22:17 | 000,000,000 | ---D | C] -- C:\Users\Chris Burson\AppData\Roaming\Kodak [1 E:\Chris' Documents\*.tmp files -> E:\Chris' Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/28 08:57:26 | 000,001,903 | ---- | M] () -- C:\Users\Chris Burson\Desktop\regfix_vista.reg [2012/06/28 08:55:33 | 000,125,312 | ---- | M] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.001 [2012/06/28 08:54:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/28 08:53:18 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/28 08:53:18 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/28 08:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/28 08:53:09 | 3220,152,320 | -HS- | M] () -- C:\hiberfil.sys [2012/06/27 16:44:32 | 000,125,312 | ---- | M] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.dat [2012/06/27 16:35:30 | 000,000,956 | ---- | M] () -- C:\Users\Chris Burson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/27 16:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/27 12:50:28 | 000,000,046 | RH-- | M] () -- C:\Users\Chris Burson\Desktop\stinger.opt [2012/06/27 12:22:25 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012/06/27 10:06:26 | 000,340,645 | ---- | M] () -- C:\Users\Chris Burson\Desktop\FSS.exe [2012/06/26 16:51:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe [2012/06/22 12:24:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/06/22 12:24:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/06/22 11:37:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/06/22 10:28:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/06/22 10:28:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/06/22 09:47:16 | 000,495,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/14 09:54:03 | 000,601,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/14 09:54:03 | 000,105,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/13 09:16:25 | 000,000,565 | ---- | M] () -- C:\Users\Chris Burson\Desktop\Give Us a Job.lnk [2012/06/02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [1 E:\Chris' Documents\*.tmp files -> E:\Chris' Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/27 12:50:28 | 000,000,046 | RH-- | C] () -- C:\Users\Chris Burson\Desktop\stinger.opt [2012/06/27 10:06:26 | 000,340,645 | ---- | C] () -- C:\Users\Chris Burson\Desktop\FSS.exe [2012/06/22 11:27:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/22 11:27:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/22 11:27:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/22 11:27:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/22 11:27:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/22 09:45:59 | 3220,152,320 | -HS- | C] () -- C:\hiberfil.sys [2012/06/13 09:16:25 | 000,000,565 | ---- | C] () -- C:\Users\Chris Burson\Desktop\Give Us a Job.lnk [2011/06/03 10:38:26 | 000,017,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat [2011/06/03 10:38:25 | 006,904,040 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2011/04/18 11:38:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2011/04/02 15:01:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/04/02 15:01:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/04/02 14:53:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/01/08 15:06:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/09/15 11:35:27 | 000,125,312 | ---- | C] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.001 [2008/09/15 11:35:23 | 000,125,312 | ---- | C] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.dat [2008/09/09 17:02:29 | 000,119,296 | ---- | C] () -- C:\Users\Chris Burson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %ALLUSERSPROFILE%\Application Data\*.dll /s > < %APPDATA%\*. > [2011/06/03 10:46:13 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\AccurateRip [2011/02/23 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Adobe [2009/10/24 11:16:01 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2008/10/30 12:03:22 | 000,000,000 | R--D | M] -- C:\Users\Chris Burson\AppData\Roaming\Brother [2010/07/30 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\CyberLink [2009/03/11 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Datel [2011/06/03 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\dBpoweramp [2011/05/09 10:38:11 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\EAC [2010/04/30 10:58:49 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\FastStone [2011/04/28 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Full [2008/09/17 15:55:55 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Google [2008/08/10 13:52:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Identities [2011/05/20 10:12:32 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\InstallShield [2012/06/12 12:22:21 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Kodak [2008/09/25 09:39:31 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Libronix DLS [2008/08/11 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Macromedia [2012/04/27 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Malwarebytes [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Media Center Programs [2011/02/23 11:11:51 | 000,000,000 | --SD | M] -- C:\Users\Chris Burson\AppData\Roaming\Microsoft [2009/09/19 10:02:55 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Nokia [2011/01/08 14:17:28 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\OpenOffice.org [2008/12/23 18:06:38 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\PC Suite [2011/02/21 13:12:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Skype [2011/02/02 13:58:38 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\skypePM [2009/05/12 10:32:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Toshiba [2009/05/12 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Ulead Systems [2009/10/21 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Virtual Mechanics [2009/12/24 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Windows Home Server [2009/03/13 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012/06/22 10:33:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Chris Burson\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2008/09/16 09:44:36 | 000,003,584 | R--- | M] () -- C:\Users\Chris Burson\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe < %APPDATA%\*.dll /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\erdnt\cache\AGP440.sys [2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\(WinRE)\Windows Home Server Drivers for Restore\mshdc.inf_cc18792d\atapi.sys [2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/08/11 20:53:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/08/11 20:53:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/08/11 20:53:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: BEEP.SYS > [2008/01/19 06:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\erdnt\cache\beep.sys [2008/01/19 06:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008/01/19 06:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006/11/02 09:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\erdnt\cache\cngaudit.dll [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: CRYPTSVC.DLL > [2006/11/02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll [2008/01/19 08:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\erdnt\cache\cryptsvc.dll [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\System32\cryptsvc.dll [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll [2012/04/23 15:48:06 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=C979AEA8C4D8F875CD25507D08980006 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621\cryptsvc.dll [2009/04/11 07:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll < MD5 for: IASTOR.SYS > [2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys [2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\(WinRE)\Windows Home Server Drivers for Restore\iaahci.inf_b92fa6ec\iaStor.sys [2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\drivers\iaStor.sys [2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys [2007/04/25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: KR10N.SYS > [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\drivers\KR10N.sys [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_95888b8d\KR10N.sys < MD5 for: NETLOGON.DLL > [2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\erdnt\cache\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: TCPIP.SYS > [2008/04/26 09:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys [2009/04/11 07:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys [2011/09/20 22:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys [2009/08/15 22:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys [2009/08/14 18:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys [2011/06/17 21:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys [2012/03/30 13:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys [2010/02/18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys [2010/02/18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys [2009/08/14 15:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys [2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys [2010/02/18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys [2008/08/11 20:53:06 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys [2008/08/11 20:53:06 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys [2010/06/16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys [2009/08/14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys [2011/06/17 21:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys [2010/06/16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys [2010/06/16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys [2011/09/20 22:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys [2008/04/26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys [2009/08/14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys [2010/02/18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys [2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys [2010/04/05 18:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys [2010/04/05 21:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys [2006/11/02 09:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys [2010/02/18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys [2012/03/30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\erdnt\cache\tcpip.sys [2012/03/30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys [2012/03/30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys [2008/01/19 08:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys [2009/08/14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys < MD5 for: THEMEUI.DLL > [2009/04/11 07:28:24 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=4CF66D8014ECB3BF517E38C5B90AAC74 -- C:\Windows\System32\themeui.dll [2009/04/11 07:28:24 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=4CF66D8014ECB3BF517E38C5B90AAC74 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6002.18005_none_86ea0f7f18a2f487\themeui.dll [2008/01/19 08:36:40 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=56BA1BD7176DBBFBD037275819DA4AE3 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6001.18000_none_84fe96731b81293b\themeui.dll [2006/11/02 10:46:13 | 000,615,424 | ---- | M] (Microsoft Corporation) MD5=57662420C44382D612E40043DA492616 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6000.16386_none_82c7d4771e961867\themeui.dll < MD5 for: USERINIT.EXE > [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < %USERPROFILE%\..|smtmp;true;true;true /FP > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007/12/05 10:48:10 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007/12/05 10:48:09 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007/12/05 10:48:10 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007/12/05 10:48:18 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007/12/05 10:48:20 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report >
- June 28, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

FSS (2): Farbar Service Scanner Version: 25-06-2012 01 Ran by Chris Burson (administrator) on 27-06-2012 at 16:55:04 Running from "C:\Users\Chris Burson\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************** ************ Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2012-05-12 09:11] - [2012-03-30 13:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll [2012-06-14 09:02] - [2012-04-23 17:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30 C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
- June 27, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Very sorry for jumping the gun by deleting stuff - I won't 'overdo stuff' anymore... This laptop has always had antivirus software: AVG for some years, then MSE for the last three (or so) years. (It was delivered with a dreadful Norton package which proved difficult to remove initially. I had to use the official tool.) I'll do another FSS scan now. Are you thinking it's still a virus? Or could there be a simple faulty something going on? Cheers, Chris
- June 27, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

I did a full scan with the MS tool (3 hrs!) and it came back as 'no infections'. However, MSE will still not update - via Windows Update shows error 80070666 (same as before). I uninstalled MalwareBytes & ERUNT incase they're blocking the updates (?) and rebooted but it made no difference. (I also have a hidden Stinger file on the desktop but was too scared to delete it.) Thanks again for helping - please don't give up! Cheers, Chris
- June 27, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

I'll have to look at the System Restore setting... Stinger: McAfee® Labs Stinger Version 10.2.0.684 built on Jun 26 2012 Copyright © 2012 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Jun 26 2012. Ready to scan for 4513 viruses, trojans and variants. Scan initiated on Wed Jun 27 12:22:12 2012 Rootkit scan result : Clean Master Boot Record(s):....2 Possibly Infected:.............0 Boot Sector(s):.................7 Possibly Infected: ............0 Number of clean files: 22482 I'll try the MS tool next. Thanks Maurice, Chris
- June 27, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

What? That's not what it should be - according to my settings, Windows Update is automatic (I never change it) and System Restore is set on all drives/partions. I'll continue with your instructions now. Cheers, Chris
- June 27, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

FSS: Farbar Service Scanner Version: 25-06-2012 01 Ran by Chris Burson (administrator) on 27-06-2012 at 10:07:37 Running from "C:\Users\Chris Burson\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2012-05-12 09:11] - [2012-03-30 13:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll [2012-06-14 09:02] - [2012-04-23 17:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30 C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log **** Phew! I do appreciate your time & effort Maurice. Many thanks. How are we doing? Cheers, Chris
- June 27, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

ESET scan: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=85c70281ac74614892575e48f59b12fa # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-27 08:58:16 # local_time=2012-06-27 09:58:16 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1024 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776574 100 100 39027868 178316617 0 0 # compatibility_mode=8192 67108863 100 0 152 152 0 0 # scanned=183522 # found=4 # cleaned=4 # scan_time=3606 C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JK3VOGZ\;ID=nemexia-160-5;size=160x600;setID=16;type=1;source=240938900;pub=718681;pub=718681[1].js HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U85ORFFO\fw_dnslink_com[3].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C E:\Downloads\PDFConverterSetup.exe Win32/InstallCore.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C I noticed the last entry here is a PDF converter. I installed that as a pukka program! (MSE did not flag it as dodgy.) Anyway, on to the Farbar's thing. Thanks again Maurice.
- June 27, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Checkup: Results of screen317's Security Check version 0.99.24 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Microsoft Security Essentials WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: CCleaner JavaFX 2.1.1 JavaFX 2.1.1 SDK Java 7 Update 5 Java SE Development Kit 7 Update 5 Out of date Java installed! Adobe Reader X (10.1.3) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Malwarebytes' Anti-Malware mbamservice.exe Microsoft Security Essentials msseces.exe ``````````End of Log````````````
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Okay - thanks Maurice. OTL: OTL logfile created on: 26/06/2012 16:53:07 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Chris Burson\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free 6.19 Gb Paging File | 4.86 Gb Available in Paging File | 78.47% Paging File free Paging file location(s): g:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 51.14 Gb Free Space | 51.14% Space Free | Partition Type: NTFS Drive D: | 50.00 Gb Total Space | 41.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS Drive E: | 82.88 Gb Total Space | 66.96 Gb Free Space | 80.79% Space Free | Partition Type: NTFS Drive F: | 647.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 20.01 Gb Total Space | 16.51 Gb Free Space | 82.52% Space Free | Partition Type: NTFS Drive H: | 50.00 Gb Total Space | 36.44 Gb Free Space | 72.88% Space Free | Partition Type: NTFS Drive I: | 40.00 Gb Total Space | 39.34 Gb Free Space | 98.35% Space Free | Partition Type: NTFS Drive J: | 115.99 Gb Total Space | 115.13 Gb Free Space | 99.26% Space Free | Partition Type: NTFS Computer Name: QOSMIO_G40 | User Name: Chris Burson | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/26 16:51:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/01/10 13:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe PRC - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe PRC - [2011/01/10 13:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe PRC - [2011/01/10 13:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/10/11 00:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2008/03/10 14:31:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe PRC - [2007/11/14 12:08:48 | 000,027,400 | ---- | M] (UPEK Inc.) -- D:\Program Files\Protector Suite QL\upeksvr.exe PRC - [2007/11/14 11:43:58 | 000,054,024 | ---- | M] (UPEK Inc.) -- D:\Program Files\Protector Suite QL\psqltray.exe PRC - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007/04/10 15:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2001/02/13 00:58:54 | 000,226,720 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office10 Tools\Office10\MSOFFICE.EXE ========== Modules (No Company Name) ========== MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/01/10 13:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc) SRV - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector) SRV - [2011/01/10 13:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient) SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/10/11 00:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008/03/10 14:31:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- G:\User\Temp\axlyyfoc.sys -- (axlyyfoc) DRV - File not found [Kernel | On_Demand | Unknown] -- G:\User\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012/03/07 11:07:02 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2011/01/10 13:29:18 | 000,044,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader) DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio) DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio) DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2008/12/18 15:11:40 | 000,042,752 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008/12/11 19:02:20 | 000,054,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/08/27 19:01:56 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/08/22 14:50:34 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008/03/25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007/11/07 21:57:36 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007/11/01 15:00:00 | 007,630,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/05/02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007/04/14 18:32:34 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007/03/28 15:56:34 | 000,322,816 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ttv500x.sys -- (ttv500x) TOSHIBA PCI TV Tuner(x86) DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2007/01/09 20:00:00 | 000,062,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscir.sys -- (smscir) DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 08:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86) DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006/10/05 23:13:12 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ.SYS -- (TVALZ) DRV - [2005/01/07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {B6633A79-5F75-4E24-9F7A-86D392D5BD6F} IE - HKLM\..\SearchScopes\{B6633A79-5F75-4E24-9F7A-86D392D5BD6F}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{B6633A79-5F75-4E24-9F7A-86D392D5BD6F}: "URL" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/06/22 11:37:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PSQLLauncher] D:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [updatePDRShortCut] d:\Program Files\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B9B49E-D410-4CED-9CEE-91A6F6181FE0}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - D:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation) O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - D:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: E:\Pictures\Aircraft\Jaguar, Harrier & Hawk\794124.jpeg O24 - Desktop BackupWallPaper: E:\Pictures\Aircraft\Jaguar, Harrier & Hawk\794124.jpeg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [1999/03/16 05:49:10 | 000,000,062 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/26 16:51:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe [2012/06/26 16:21:18 | 000,000,000 | ---D | C] -- C:\ARK [2012/06/26 16:02:36 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris Burson\Desktop\tdsskiller.exe [2012/06/26 16:01:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris Burson\Desktop\aswMBR.exe [2012/06/26 15:21:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/06/26 15:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/26 15:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/06/22 12:29:23 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/22 12:29:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/22 12:28:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/22 12:28:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/22 12:28:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/22 12:28:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/22 12:28:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012/06/22 12:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/06/22 12:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/06/22 12:24:37 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012/06/22 12:24:37 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012/06/22 12:24:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/06/22 12:24:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/06/22 11:43:22 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/22 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Chris Burson\AppData\Local\temp [2012/06/22 11:37:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/22 11:27:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/22 11:27:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/22 11:27:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/22 11:27:06 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/06/22 11:27:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/22 11:26:56 | 000,000,000 | R--D | C] -- C:\Users\Chris Burson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/06/22 11:26:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/14 09:46:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/06/14 09:46:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/06/14 09:46:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/06/14 09:46:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/06/14 09:46:55 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/06/14 09:46:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/06/14 09:46:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/06/14 09:02:15 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/06/13 10:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012/06/12 12:22:17 | 000,000,000 | ---D | C] -- C:\Users\Chris Burson\AppData\Roaming\Kodak [1 E:\Chris' Documents\*.tmp files -> E:\Chris' Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/26 16:51:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe [2012/06/26 16:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/26 16:08:53 | 000,000,512 | ---- | M] () -- C:\Users\Chris Burson\Desktop\MBR.dat [2012/06/26 16:02:36 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris Burson\Desktop\tdsskiller.exe [2012/06/26 16:01:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris Burson\Desktop\aswMBR.exe [2012/06/26 15:37:53 | 000,125,312 | ---- | M] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.001 [2012/06/26 15:37:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/26 15:37:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 15:37:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 15:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/26 15:36:52 | 3220,152,320 | -HS- | M] () -- C:\hiberfil.sys [2012/06/25 09:00:10 | 000,000,956 | ---- | M] () -- C:\Users\Chris Burson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/22 12:24:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/06/22 12:24:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/06/22 11:37:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/06/22 10:28:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/06/22 10:28:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/06/22 09:47:16 | 000,495,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/15 19:49:07 | 000,125,312 | ---- | M] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.dat [2012/06/14 09:54:03 | 000,601,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/14 09:54:03 | 000,105,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/13 09:16:25 | 000,000,565 | ---- | M] () -- C:\Users\Chris Burson\Desktop\Give Us a Job.lnk [2012/06/02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [1 E:\Chris' Documents\*.tmp files -> E:\Chris' Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/26 16:08:53 | 000,000,512 | ---- | C] () -- C:\Users\Chris Burson\Desktop\MBR.dat [2012/06/22 11:27:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/22 11:27:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/22 11:27:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/22 11:27:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/22 11:27:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/22 09:45:59 | 3220,152,320 | -HS- | C] () -- C:\hiberfil.sys [2012/06/13 09:16:25 | 000,000,565 | ---- | C] () -- C:\Users\Chris Burson\Desktop\Give Us a Job.lnk [2011/06/03 10:38:26 | 000,017,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat [2011/06/03 10:38:25 | 006,904,040 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2011/04/18 11:38:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2011/04/02 15:01:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/04/02 15:01:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/04/02 14:53:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/01/08 15:06:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/09/15 11:35:27 | 000,125,312 | ---- | C] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.001 [2008/09/15 11:35:23 | 000,125,312 | ---- | C] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.dat [2008/09/09 17:02:29 | 000,119,296 | ---- | C] () -- C:\Users\Chris Burson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2009/10/24 11:16:01 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2009/03/11 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Datel [2011/06/03 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\dBpoweramp [2011/05/09 10:38:11 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\EAC [2011/04/28 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Full [2008/09/25 09:39:31 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Libronix DLS [2009/09/19 10:02:55 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Nokia [2011/01/08 14:17:28 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\OpenOffice.org [2008/12/23 18:06:38 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\PC Suite [2009/05/12 10:32:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Toshiba [2009/05/12 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Ulead Systems [2009/10/21 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Virtual Mechanics [2009/12/24 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Windows Home Server [2012/06/26 15:35:53 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras: OTL Extras logfile created on: 26/06/2012 16:53:07 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Chris Burson\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free 6.19 Gb Paging File | 4.86 Gb Available in Paging File | 78.47% Paging File free Paging file location(s): g:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 51.14 Gb Free Space | 51.14% Space Free | Partition Type: NTFS Drive D: | 50.00 Gb Total Space | 41.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS Drive E: | 82.88 Gb Total Space | 66.96 Gb Free Space | 80.79% Space Free | Partition Type: NTFS Drive F: | 647.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 20.01 Gb Total Space | 16.51 Gb Free Space | 82.52% Space Free | Partition Type: NTFS Drive H: | 50.00 Gb Total Space | 36.44 Gb Free Space | 72.88% Space Free | Partition Type: NTFS Drive I: | 40.00 Gb Total Space | 39.34 Gb Free Space | 98.35% Space Free | Partition Type: NTFS Drive J: | 115.99 Gb Total Space | 115.13 Gb Free Space | 99.26% Space Free | Partition Type: NTFS Computer Name: QOSMIO_G40 | User Name: Chris Burson | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with FastStone] -- "d:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "d:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "d:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "d:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3469518139-1120787449-2283880736-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0252E090-BA70-4492-8951-FC575AA96031}" = lport=10244 | protocol=6 | dir=in | app=system | "{1C6898CB-9869-4A02-8739-9A42F628599C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{20B5D650-E85C-4C65-87A7-409AE7A3EC2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{243BE3EF-E88B-49B1-AED0-0207D91B4FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2BAB582B-028F-4669-AC1E-BE521BDBC2C6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{2E151DBB-A50E-4ED8-A39F-75A817A9E702}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{3089262C-626C-4762-A40A-F71AEA47E8A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{356BFB16-75DC-4582-913A-5235E1290789}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4EE6FC64-C111-46AA-87C1-778C85F51651}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{507640E2-D79B-447A-BCB9-0F2D8198FA80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{50BB1451-743E-46B8-A96B-125D5CF2AF11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{534ECC32-E3B1-4F0B-A70B-32CF8CDACD97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{6146192E-229C-4D80-82E2-C363E9FD5B7F}" = rport=10244 | protocol=6 | dir=out | app=system | "{78F33C16-8FC3-41B3-9753-759B8740D1FE}" = lport=3390 | protocol=6 | dir=in | app=system | "{81675AFC-BCD6-44B4-91B8-838B00652CCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83C50581-057F-44E0-A462-F39616BB9E1F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{8829ED51-D641-4940-B09A-502AAD6DA72D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{93A079D0-47ED-4581-BDB3-CF39751BE8A9}" = lport=3390 | protocol=6 | dir=in | app=system | "{B5FFD6BA-2B08-4E6F-9F27-791C13C2D726}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B98A7C8D-3531-4E1B-83F5-0A9257664F63}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF97E1D0-11FC-4539-BA9C-F76F02DF546D}" = lport=10244 | protocol=6 | dir=in | app=system | "{CCAD159A-C259-45F9-AA0C-CED2C594E21F}" = rport=10244 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F40988F-91AC-4A45-A49D-4F28D8A8933C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{2742844D-029B-47BE-BAB6-B2D422C5CA0E}" = dir=in | app=d:\program files\powerdirector\powerdirector\pdr.exe | "{61F2C7D0-7988-4589-B890-74498AEF488E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{81F54781-A475-4EC6-A71E-93C32D807729}" = protocol=17 | dir=in | app=g:\user\temp\7zsbead.tmp\symnrt.exe | "{A4E9D1BA-0364-464D-B840-5E6222B86573}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{AFCE175B-F77C-40A0-B96E-3398F2690427}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{C65FE8EA-4B9A-4298-B707-D049D0CCA934}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{CC9D5EC2-8A8D-4774-BDB4-0846391CC317}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{E10B0EE8-E573-44C3-8521-15B81626F0DE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{E3AE38A9-B54B-47CF-91F9-88A49827723A}" = protocol=6 | dir=in | app=g:\user\temp\7zsbead.tmp\symnrt.exe | "{FB36BF71-5270-4CF7-8B4F-94750109F3E2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "TCP Query User{43C49CA5-5709-4A5A-ACBA-BDDC9011D655}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{CB140FC3-2636-4C34-B1D9-1D8F623AC055}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{CFE0C25F-4B6D-4D26-B2A7-1420947F19F4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{FC83C70B-5712-412E-B494-67B18719314B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{1CAF00DC-9F1B-49B5-BCB9-034677B19216}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{3DEFF801-C927-4B48-9813-0E35C18501E9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4B0795FC-BCF9-4E4F-9869-C4BD0AB30E91}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{85B8CA2F-58EE-4D20-8ECE-ADE772C2BD5E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11A64428-9699-40FC-9F05-FF79BBC599BD}" = Ulead WinCinema Disc Creator 1.0 "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector "{2222706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 SDK "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8 "{32A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 "{36816A35-8CB9-4BAA-894A-6C5B86B9CB9A}" = Logos 4 Prerequisites "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FF6DCB6-71FA-4DB1-BCDB-7C93DF2DA992}" = Camera Assistant Software for Toshiba(2.0M) "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{5452B476-225B-44DA-BF24-6639E0084241}" = Logos Bible Software 4 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files "{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files "{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System "{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application "{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = Libronix Update "{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver "{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA HD DVD PLAYER "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{826C3E36-A1C6-4183-B220-34A113E0CE9F}" = SiteSpinner "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95250409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Resource Kit Tools "{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI "{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum "{C4852924-8548-4FA6-A822-5B3840C5E0E7}" = Biblical Hebrew (SIL) "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop "{CC351B44-5610-43C5-81E6-A2C760CB0A20}" = Graphical Query Editor "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money System Pack "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E7298FD8-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money "{E98E2A33-05D1-476B-B81B-40F4BD957056}" = Windows Home Server Home Computer Restore CD (Dual Boot) "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite "{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002 "{FDCEF602-9FCA-428E-8AD5-5C3C9DC8CE05}" = Qosmio AV Controller Manager "{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CutePDF Writer Installation" = CutePDF Writer 2.8 "dBpoweramp Music Converter" = dBpoweramp Music Converter "Defraggler" = Defraggler "Dolby" = Dolby "E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8) "ERUNT_is1" = ERUNT 1.1j "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "FastStone Image Viewer" = FastStone Image Viewer 4.2 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Libronix DLS" = Libronix Digital Library System "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "MediaMonkey_is1" = MediaMonkey 3.2 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Office8.0" = Microsoft Office 97, Professional Edition "PhotoScape" = PhotoScape "PROSet" = Intel® Network Connections Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = WinRAR archiver "XPort 360_is1" = XPort 360 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04/09/2010 03:45:52 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06/09/2010 04:18:30 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07/09/2010 04:30:05 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07/09/2010 11:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20 Description = Error - 08/09/2010 04:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20 Description = Error - 08/09/2010 05:36:18 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 09/09/2010 04:35:56 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 09/09/2010 09:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20 Description = Error - 09/09/2010 11:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20 Description = Error - 09/09/2010 12:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20 Description = [ System Events ] Error - 26/06/2012 10:47:28 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: 1.129.483.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:47:28 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: 1.129.483.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:47:28 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.43.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070643 Error description: Fatal error during installation. Error - 26/06/2012 10:47:41 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: 1.129.469.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:47:41 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: 1.129.469.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage: %%854 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8502.0&avdelta=1.129.43.0&asdelta=1.129.43.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage: %%854 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8502.0&avdelta=1.129.43.0&asdelta=1.129.43.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage: %%854 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8502.0&avdelta=1.129.43.0&asdelta=1.129.43.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage: %%854 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8502.0&avdelta=1.129.43.0&asdelta=1.129.43.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Error - 26/06/2012 10:48:21 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = < End of report >
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

The gmer.net program will not run, it crashes after about a minute of scanning. Should I continue to Step 4? Cheers, Chris
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

TDSKiller: 6:14:27.0181 5668 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 16:14:27.0337 5668 ============================================================ 16:14:27.0337 5668 Current date / time: 2012/06/26 16:14:27.0337 16:14:27.0337 5668 SystemInfo: 16:14:27.0337 5668 16:14:27.0337 5668 OS Version: 6.0.6002 ServicePack: 2.0 16:14:27.0337 5668 Product type: Workstation 16:14:27.0337 5668 ComputerName: QOSMIO_G40 16:14:27.0337 5668 UserName: Chris Burson 16:14:27.0337 5668 Windows directory: C:\Windows 16:14:27.0337 5668 System windows directory: C:\Windows 16:14:27.0337 5668 Processor architecture: Intel x86 16:14:27.0337 5668 Number of processors: 2 16:14:27.0337 5668 Page size: 0x1000 16:14:27.0337 5668 Boot type: Normal boot 16:14:27.0337 5668 ============================================================ 16:14:27.0774 5668 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:14:27.0789 5668 ============================================================ 16:14:27.0789 5668 \Device\Harddisk0\DR0: 16:14:27.0789 5668 MBR partitions: 16:14:27.0789 5668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000 16:14:27.0789 5668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x6400000 16:14:27.0789 5668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C00800, BlocksNum 0xA5C4800 16:14:27.0789 5668 ============================================================ 16:14:27.0836 5668 C: <-> \Device\Harddisk0\DR0\Partition0 16:14:27.0867 5668 D: <-> \Device\Harddisk0\DR0\Partition1 16:14:27.0914 5668 E: <-> \Device\Harddisk0\DR0\Partition2 16:14:27.0914 5668 ============================================================ 16:14:27.0914 5668 Initialize success 16:14:27.0914 5668 ============================================================ 16:14:55.0323 4728 ============================================================ 16:14:55.0323 4728 Scan started 16:14:55.0323 4728 Mode: Manual; SigCheck; TDLFS; 16:14:55.0323 4728 ============================================================ 16:14:55.0760 4728 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 16:14:55.0854 4728 ACPI - ok 16:14:56.0010 4728 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 16:14:56.0025 4728 AdobeARMservice - ok 16:14:56.0072 4728 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 16:14:56.0088 4728 adp94xx - ok 16:14:56.0135 4728 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 16:14:56.0150 4728 adpahci - ok 16:14:56.0166 4728 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 16:14:56.0181 4728 adpu160m - ok 16:14:56.0197 4728 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 16:14:56.0213 4728 adpu320 - ok 16:14:56.0228 4728 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 16:14:56.0353 4728 AeLookupSvc - ok 16:14:56.0431 4728 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 16:14:56.0447 4728 AFD - ok 16:14:56.0478 4728 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe 16:14:56.0525 4728 AgereModemAudio - ok 16:14:56.0634 4728 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys 16:14:56.0681 4728 AgereSoftModem - ok 16:14:56.0712 4728 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 16:14:56.0727 4728 agp440 - ok 16:14:56.0743 4728 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 16:14:56.0743 4728 aic78xx - ok 16:14:56.0790 4728 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 16:14:56.0915 4728 ALG - ok 16:14:56.0930 4728 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 16:14:56.0930 4728 aliide - ok 16:14:56.0946 4728 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 16:14:56.0961 4728 amdagp - ok 16:14:56.0977 4728 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 16:14:56.0977 4728 amdide - ok 16:14:57.0008 4728 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 16:14:57.0164 4728 AmdK7 - ok 16:14:57.0180 4728 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 16:14:57.0242 4728 AmdK8 - ok 16:14:57.0273 4728 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 16:14:57.0305 4728 Appinfo - ok 16:14:57.0351 4728 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 16:14:57.0367 4728 arc - ok 16:14:57.0398 4728 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 16:14:57.0398 4728 arcsas - ok 16:14:57.0523 4728 arXfrSvc (0ef69443881cde7d8354408f05cf23df) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe 16:14:57.0539 4728 arXfrSvc - ok 16:14:57.0570 4728 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 16:14:57.0617 4728 AsyncMac - ok 16:14:57.0648 4728 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 16:14:57.0663 4728 atapi - ok 16:14:57.0710 4728 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 16:14:57.0741 4728 AudioEndpointBuilder - ok 16:14:57.0741 4728 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 16:14:57.0773 4728 Audiosrv - ok 16:14:57.0835 4728 BackupReader (3163aa026fe36bad874250ae93187f9d) C:\Windows\system32\DRIVERS\BackupReader.sys 16:14:57.0835 4728 BackupReader - ok 16:14:57.0882 4728 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 16:14:57.0929 4728 Beep - ok 16:14:57.0960 4728 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 16:14:57.0991 4728 BFE - ok 16:14:58.0053 4728 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll 16:14:58.0147 4728 BITS - ok 16:14:58.0147 4728 blbdrive - ok 16:14:58.0194 4728 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 16:14:58.0225 4728 bowser - ok 16:14:58.0241 4728 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 16:14:58.0272 4728 BrFiltLo - ok 16:14:58.0303 4728 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 16:14:58.0334 4728 BrFiltUp - ok 16:14:58.0365 4728 Brother XP spl Service (c711ed965009bdcff9aa62ceb6ff1aad) C:\Windows\system32\brsvc01a.exe 16:14:58.0381 4728 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning 16:14:58.0381 4728 Brother XP spl Service - detected UnsignedFile.Multi.Generic (1) 16:14:58.0428 4728 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 16:14:58.0459 4728 Browser - ok 16:14:58.0490 4728 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 16:14:58.0553 4728 Brserid - ok 16:14:58.0568 4728 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 16:14:58.0631 4728 BrSerWdm - ok 16:14:58.0646 4728 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 16:14:58.0709 4728 BrUsbMdm - ok 16:14:58.0740 4728 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 16:14:58.0771 4728 BrUsbSer - ok 16:14:58.0787 4728 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 16:14:58.0849 4728 BTHMODEM - ok 16:14:58.0989 4728 catchme - ok 16:14:59.0021 4728 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 16:14:59.0052 4728 cdfs - ok 16:14:59.0099 4728 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 16:14:59.0114 4728 cdrom - ok 16:14:59.0145 4728 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 16:14:59.0192 4728 CertPropSvc - ok 16:14:59.0270 4728 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 16:14:59.0301 4728 CFSvcs ( UnsignedFile.Multi.Generic ) - warning 16:14:59.0301 4728 CFSvcs - detected UnsignedFile.Multi.Generic (1) 16:14:59.0333 4728 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 16:14:59.0364 4728 circlass - ok 16:14:59.0426 4728 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 16:14:59.0442 4728 CLFS - ok 16:14:59.0520 4728 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:14:59.0520 4728 clr_optimization_v2.0.50727_32 - ok 16:14:59.0613 4728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:14:59.0629 4728 clr_optimization_v4.0.30319_32 - ok 16:14:59.0645 4728 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 16:14:59.0691 4728 CmBatt - ok 16:14:59.0723 4728 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 16:14:59.0723 4728 cmdide - ok 16:14:59.0738 4728 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 16:14:59.0754 4728 Compbatt - ok 16:14:59.0754 4728 COMSysApp - ok 16:14:59.0769 4728 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 16:14:59.0769 4728 crcdisk - ok 16:14:59.0801 4728 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 16:14:59.0847 4728 Crusoe - ok 16:14:59.0894 4728 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll 16:14:59.0941 4728 CryptSvc - ok 16:15:00.0019 4728 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 16:15:00.0050 4728 DcomLaunch - ok 16:15:00.0113 4728 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 16:15:00.0159 4728 DfsC - ok 16:15:00.0284 4728 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 16:15:00.0393 4728 DFSR - ok 16:15:00.0518 4728 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 16:15:00.0549 4728 Dhcp - ok 16:15:00.0612 4728 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 16:15:00.0627 4728 disk - ok 16:15:00.0659 4728 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 16:15:00.0705 4728 Dnscache - ok 16:15:00.0752 4728 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 16:15:00.0768 4728 dot3svc - ok 16:15:00.0815 4728 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 16:15:00.0846 4728 DPS - ok 16:15:00.0877 4728 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 16:15:00.0893 4728 drmkaud - ok 16:15:00.0971 4728 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 16:15:01.0002 4728 DXGKrnl - ok 16:15:01.0064 4728 e1express (0c67b7a11e215b5c2ef2eeea70c00e2a) C:\Windows\system32\DRIVERS\e1e6032.sys 16:15:01.0080 4728 e1express - ok 16:15:01.0111 4728 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 16:15:01.0142 4728 E1G60 - ok 16:15:01.0189 4728 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 16:15:01.0220 4728 EapHost - ok 16:15:01.0267 4728 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 16:15:01.0283 4728 Ecache - ok 16:15:01.0345 4728 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 16:15:01.0361 4728 ehRecvr - ok 16:15:01.0392 4728 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 16:15:01.0423 4728 ehSched - ok 16:15:01.0439 4728 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 16:15:01.0470 4728 ehstart - ok 16:15:01.0517 4728 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 16:15:01.0532 4728 elxstor - ok 16:15:01.0595 4728 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 16:15:01.0673 4728 EMDMgmt - ok 16:15:01.0766 4728 esClient (27aa2c6917c94f6636563d416c8ee24f) C:\Program Files\Windows Home Server\esClient.exe 16:15:01.0782 4728 esClient - ok 16:15:01.0844 4728 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 16:15:01.0860 4728 EventSystem - ok 16:15:01.0969 4728 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 16:15:02.0031 4728 exfat - ok 16:15:02.0094 4728 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 16:15:02.0125 4728 fastfat - ok 16:15:02.0156 4728 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 16:15:02.0203 4728 fdc - ok 16:15:02.0234 4728 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 16:15:02.0250 4728 fdPHost - ok 16:15:02.0265 4728 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 16:15:02.0312 4728 FDResPub - ok 16:15:02.0359 4728 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 16:15:02.0375 4728 FileInfo - ok 16:15:02.0390 4728 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 16:15:02.0406 4728 Filetrace - ok 16:15:02.0421 4728 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 16:15:02.0453 4728 flpydisk - ok 16:15:02.0515 4728 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 16:15:02.0531 4728 FltMgr - ok 16:15:02.0624 4728 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 16:15:02.0640 4728 FontCache - ok 16:15:02.0702 4728 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:15:02.0718 4728 FontCache3.0.0.0 - ok 16:15:02.0765 4728 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 16:15:02.0811 4728 Fs_Rec - ok 16:15:02.0843 4728 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 16:15:02.0843 4728 gagp30kx - ok 16:15:02.0921 4728 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 16:15:02.0952 4728 gpsvc - ok 16:15:03.0030 4728 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 16:15:03.0045 4728 gupdate - ok 16:15:03.0061 4728 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 16:15:03.0077 4728 gupdatem - ok 16:15:03.0092 4728 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 16:15:03.0108 4728 gusvc - ok 16:15:03.0123 4728 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 16:15:03.0186 4728 HdAudAddService - ok 16:15:03.0233 4728 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:15:03.0279 4728 HDAudBus - ok 16:15:03.0311 4728 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 16:15:03.0373 4728 HidBth - ok 16:15:03.0389 4728 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 16:15:03.0404 4728 HidIr - ok 16:15:03.0467 4728 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 16:15:03.0498 4728 hidserv - ok 16:15:03.0513 4728 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys 16:15:03.0576 4728 HidUsb - ok 16:15:03.0607 4728 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 16:15:03.0623 4728 hkmsvc - ok 16:15:03.0654 4728 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 16:15:03.0654 4728 HpCISSs - ok 16:15:03.0716 4728 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 16:15:03.0763 4728 HTTP - ok 16:15:03.0794 4728 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 16:15:03.0810 4728 i2omp - ok 16:15:03.0810 4728 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 16:15:03.0857 4728 i8042prt - ok 16:15:03.0903 4728 iaStor (5df93509037399b53d3ecaa8a67b6c58) C:\Windows\system32\DRIVERS\iaStor.sys 16:15:03.0903 4728 iaStor - ok 16:15:03.0935 4728 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 16:15:03.0950 4728 iaStorV - ok 16:15:04.0028 4728 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 16:15:04.0044 4728 IDriverT ( UnsignedFile.Multi.Generic ) - warning 16:15:04.0044 4728 IDriverT - detected UnsignedFile.Multi.Generic (1) 16:15:04.0153 4728 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:15:04.0200 4728 idsvc - ok 16:15:04.0325 4728 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 16:15:04.0325 4728 iirsp - ok 16:15:04.0403 4728 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 16:15:04.0449 4728 IKEEXT - ok 16:15:04.0574 4728 IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys 16:15:04.0652 4728 IntcAzAudAddService - ok 16:15:04.0777 4728 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 16:15:04.0777 4728 intelide - ok 16:15:04.0793 4728 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 16:15:04.0808 4728 intelppm - ok 16:15:04.0839 4728 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 16:15:04.0886 4728 IPBusEnum - ok 16:15:04.0917 4728 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:15:04.0964 4728 IpFilterDriver - ok 16:15:05.0011 4728 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 16:15:05.0042 4728 iphlpsvc - ok 16:15:05.0042 4728 IpInIp - ok 16:15:05.0073 4728 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 16:15:05.0120 4728 IPMIDRV - ok 16:15:05.0151 4728 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 16:15:05.0183 4728 IPNAT - ok 16:15:05.0214 4728 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 16:15:05.0229 4728 IRENUM - ok 16:15:05.0245 4728 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 16:15:05.0261 4728 isapnp - ok 16:15:05.0292 4728 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 16:15:05.0307 4728 iScsiPrt - ok 16:15:05.0323 4728 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 16:15:05.0339 4728 iteatapi - ok 16:15:05.0354 4728 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 16:15:05.0370 4728 iteraid - ok 16:15:05.0401 4728 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 16:15:05.0401 4728 kbdclass - ok 16:15:05.0432 4728 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 16:15:05.0463 4728 kbdhid - ok 16:15:05.0510 4728 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 16:15:05.0541 4728 KeyIso - ok 16:15:05.0573 4728 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys 16:15:05.0604 4728 KR10I - ok 16:15:05.0635 4728 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys 16:15:05.0651 4728 KR10N - ok 16:15:05.0682 4728 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 16:15:05.0697 4728 KSecDD - ok 16:15:05.0744 4728 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 16:15:05.0791 4728 KtmRm - ok 16:15:05.0853 4728 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 16:15:05.0885 4728 LanmanServer - ok 16:15:05.0931 4728 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 16:15:05.0963 4728 LanmanWorkstation - ok 16:15:05.0994 4728 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 16:15:06.0025 4728 lltdio - ok 16:15:06.0072 4728 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 16:15:06.0103 4728 lltdsvc - ok 16:15:06.0150 4728 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 16:15:06.0181 4728 lmhosts - ok 16:15:06.0212 4728 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 16:15:06.0212 4728 LSI_FC - ok 16:15:06.0243 4728 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 16:15:06.0243 4728 LSI_SAS - ok 16:15:06.0259 4728 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 16:15:06.0275 4728 LSI_SCSI - ok 16:15:06.0290 4728 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 16:15:06.0337 4728 luafv - ok 16:15:06.0399 4728 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 16:15:06.0415 4728 MBAMProtector - ok 16:15:06.0524 4728 MBAMService (ba400ed640bca1eae5c727ae17c10207) d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 16:15:06.0571 4728 MBAMService - ok 16:15:06.0602 4728 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 16:15:06.0633 4728 Mcx2Svc - ok 16:15:06.0727 4728 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 16:15:06.0727 4728 MDM - ok 16:15:06.0758 4728 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 16:15:06.0774 4728 megasas - ok 16:15:06.0789 4728 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 16:15:06.0836 4728 MMCSS - ok 16:15:06.0867 4728 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 16:15:06.0899 4728 Modem - ok 16:15:06.0961 4728 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 16:15:06.0992 4728 monitor - ok 16:15:07.0039 4728 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 16:15:07.0039 4728 mouclass - ok 16:15:07.0055 4728 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 16:15:07.0086 4728 mouhid - ok 16:15:07.0101 4728 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 16:15:07.0117 4728 MountMgr - ok 16:15:07.0179 4728 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys 16:15:07.0195 4728 MpFilter - ok 16:15:07.0226 4728 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 16:15:07.0242 4728 mpio - ok 16:15:07.0273 4728 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 16:15:07.0289 4728 mpsdrv - ok 16:15:07.0335 4728 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 16:15:07.0367 4728 MpsSvc - ok 16:15:07.0398 4728 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 16:15:07.0398 4728 Mraid35x - ok 16:15:07.0445 4728 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 16:15:07.0476 4728 MRxDAV - ok 16:15:07.0554 4728 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:15:07.0585 4728 mrxsmb - ok 16:15:07.0647 4728 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:15:07.0663 4728 mrxsmb10 - ok 16:15:07.0679 4728 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:15:07.0679 4728 mrxsmb20 - ok 16:15:07.0710 4728 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 16:15:07.0710 4728 msahci - ok 16:15:07.0741 4728 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 16:15:07.0741 4728 msdsm - ok 16:15:07.0772 4728 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 16:15:07.0803 4728 MSDTC - ok 16:15:07.0819 4728 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 16:15:07.0850 4728 Msfs - ok 16:15:07.0881 4728 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 16:15:07.0897 4728 msisadrv - ok 16:15:07.0944 4728 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 16:15:07.0975 4728 MSiSCSI - ok 16:15:07.0975 4728 msiserver - ok 16:15:08.0006 4728 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 16:15:08.0053 4728 MSKSSRV - ok 16:15:08.0162 4728 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 16:15:08.0162 4728 MsMpSvc - ok 16:15:08.0209 4728 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 16:15:08.0240 4728 MSPCLOCK - ok 16:15:08.0271 4728 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 16:15:08.0303 4728 MSPQM - ok 16:15:08.0365 4728 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 16:15:08.0365 4728 MsRPC - ok 16:15:08.0412 4728 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 16:15:08.0427 4728 mssmbios - ok 16:15:08.0443 4728 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 16:15:08.0474 4728 MSTEE - ok 16:15:08.0490 4728 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 16:15:08.0505 4728 Mup - ok 16:15:08.0552 4728 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 16:15:08.0599 4728 napagent - ok 16:15:08.0630 4728 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 16:15:08.0661 4728 NativeWifiP - ok 16:15:08.0708 4728 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 16:15:08.0739 4728 NDIS - ok 16:15:08.0786 4728 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 16:15:08.0817 4728 NdisTapi - ok 16:15:08.0849 4728 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 16:15:08.0880 4728 Ndisuio - ok 16:15:08.0895 4728 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 16:15:08.0911 4728 NdisWan - ok 16:15:08.0958 4728 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 16:15:08.0973 4728 NDProxy - ok 16:15:08.0989 4728 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 16:15:09.0036 4728 NetBIOS - ok 16:15:09.0067 4728 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 16:15:09.0083 4728 netbt - ok 16:15:09.0129 4728 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 16:15:09.0145 4728 Netlogon - ok 16:15:09.0192 4728 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 16:15:09.0239 4728 Netman - ok 16:15:09.0301 4728 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 16:15:09.0317 4728 netprofm - ok 16:15:09.0395 4728 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:15:09.0395 4728 NetTcpPortSharing - ok 16:15:09.0566 4728 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys 16:15:09.0675 4728 NETw4v32 - ok 16:15:10.0003 4728 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 16:15:10.0112 4728 NETw5v32 - ok 16:15:10.0253 4728 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 16:15:10.0253 4728 nfrd960 - ok 16:15:10.0284 4728 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 16:15:10.0299 4728 NisDrv - ok 16:15:10.0393 4728 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe 16:15:10.0409 4728 NisSrv - ok 16:15:10.0471 4728 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 16:15:10.0502 4728 NlaSvc - ok 16:15:10.0565 4728 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 16:15:10.0596 4728 Npfs - ok 16:15:10.0643 4728 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 16:15:10.0674 4728 nsi - ok 16:15:10.0721 4728 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 16:15:10.0767 4728 nsiproxy - ok 16:15:10.0845 4728 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 16:15:10.0892 4728 Ntfs - ok 16:15:10.0908 4728 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 16:15:10.0970 4728 ntrigdigi - ok 16:15:11.0001 4728 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 16:15:11.0033 4728 Null - ok 16:15:11.0423 4728 nvlddmkm (1003439396eae18c3699b5d4532f56aa) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:15:11.0781 4728 nvlddmkm - ok 16:15:11.0937 4728 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 16:15:11.0953 4728 nvraid - ok 16:15:11.0969 4728 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 16:15:11.0969 4728 nvstor - ok 16:15:12.0000 4728 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 16:15:12.0015 4728 nv_agp - ok 16:15:12.0015 4728 NwlnkFlt - ok 16:15:12.0031 4728 NwlnkFwd - ok 16:15:12.0078 4728 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 16:15:12.0125 4728 ohci1394 - ok 16:15:12.0187 4728 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:15:12.0203 4728 ose - ok 16:15:12.0265 4728 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:15:12.0296 4728 p2pimsvc - ok 16:15:12.0296 4728 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:15:12.0327 4728 p2psvc - ok 16:15:12.0359 4728 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 16:15:12.0421 4728 Parport - ok 16:15:12.0437 4728 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 16:15:12.0452 4728 partmgr - ok 16:15:12.0483 4728 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 16:15:12.0546 4728 Parvdm - ok 16:15:12.0577 4728 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 16:15:12.0593 4728 PcaSvc - ok 16:15:12.0639 4728 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 16:15:12.0671 4728 pccsmcfd - ok 16:15:12.0717 4728 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 16:15:12.0733 4728 pci - ok 16:15:12.0780 4728 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 16:15:12.0795 4728 pciide - ok 16:15:12.0827 4728 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 16:15:12.0842 4728 pcmcia - ok 16:15:12.0920 4728 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 16:15:12.0983 4728 PEAUTH - ok 16:15:13.0092 4728 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 16:15:13.0154 4728 pla - ok 16:15:13.0279 4728 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 16:15:13.0326 4728 PlugPlay - ok 16:15:13.0419 4728 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:15:13.0435 4728 PNRPAutoReg - ok 16:15:13.0435 4728 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:15:13.0466 4728 PNRPsvc - ok 16:15:13.0513 4728 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 16:15:13.0529 4728 PolicyAgent - ok 16:15:13.0591 4728 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 16:15:13.0638 4728 PptpMiniport - ok 16:15:13.0669 4728 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 16:15:13.0716 4728 Processor - ok 16:15:13.0763 4728 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 16:15:13.0778 4728 ProfSvc - ok 16:15:13.0825 4728 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 16:15:13.0841 4728 ProtectedStorage - ok 16:15:13.0887 4728 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 16:15:13.0919 4728 PSched - ok 16:15:13.0965 4728 pwdrvio (99cf0190f1f346cb0a0bbd1873683425) C:\Windows\system32\pwdrvio.sys 16:15:13.0981 4728 pwdrvio - ok 16:15:14.0012 4728 pwdspio (57febcc5f8c577faad55b0ff2d617826) C:\Windows\system32\pwdspio.sys 16:15:14.0028 4728 pwdspio - ok 16:15:14.0090 4728 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 16:15:14.0121 4728 ql2300 - ok 16:15:14.0137 4728 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 16:15:14.0153 4728 ql40xx - ok 16:15:14.0184 4728 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 16:15:14.0215 4728 QWAVE - ok 16:15:14.0246 4728 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 16:15:14.0277 4728 QWAVEdrv - ok 16:15:14.0309 4728 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 16:15:14.0355 4728 RasAcd - ok 16:15:14.0402 4728 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 16:15:14.0433 4728 RasAuto - ok 16:15:14.0480 4728 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:15:14.0496 4728 Rasl2tp - ok 16:15:14.0558 4728 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 16:15:14.0589 4728 RasMan - ok 16:15:14.0621 4728 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 16:15:14.0652 4728 RasPppoe - ok 16:15:14.0699 4728 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 16:15:14.0730 4728 RasSstp - ok 16:15:14.0777 4728 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 16:15:14.0792 4728 rdbss - ok 16:15:14.0808 4728 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:15:14.0839 4728 RDPCDD - ok 16:15:14.0901 4728 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 16:15:14.0948 4728 rdpdr - ok 16:15:14.0964 4728 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 16:15:14.0995 4728 RDPENCDD - ok 16:15:15.0042 4728 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 16:15:15.0057 4728 RDPWD - ok 16:15:15.0089 4728 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 16:15:15.0135 4728 RemoteAccess - ok 16:15:15.0167 4728 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 16:15:15.0198 4728 RemoteRegistry - ok 16:15:15.0291 4728 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Program Files\Cyberlink\Shared files\RichVideo.exe 16:15:15.0291 4728 RichVideo - ok 16:15:15.0323 4728 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 16:15:15.0369 4728 ROOTMODEM - ok 16:15:15.0401 4728 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 16:15:15.0416 4728 RpcLocator - ok 16:15:15.0479 4728 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 16:15:15.0494 4728 RpcSs - ok 16:15:15.0525 4728 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 16:15:15.0557 4728 rspndr - ok 16:15:15.0588 4728 RTL85n86 (c9b9b3219322786ef82745e09fe9cbe8) C:\Windows\system32\DRIVERS\RTL85n86.sys 16:15:15.0635 4728 RTL85n86 - ok 16:15:15.0666 4728 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 16:15:15.0681 4728 SamSs - ok 16:15:15.0713 4728 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 16:15:15.0728 4728 sbp2port - ok 16:15:15.0775 4728 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 16:15:15.0806 4728 SCardSvr - ok 16:15:15.0869 4728 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 16:15:15.0915 4728 Schedule - ok 16:15:15.0947 4728 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 16:15:15.0962 4728 SCPolicySvc - ok 16:15:15.0993 4728 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 16:15:16.0025 4728 sdbus - ok 16:15:16.0056 4728 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 16:15:16.0087 4728 SDRSVC - ok 16:15:16.0118 4728 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 16:15:16.0181 4728 secdrv - ok 16:15:16.0212 4728 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 16:15:16.0243 4728 seclogon - ok 16:15:16.0259 4728 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 16:15:16.0305 4728 SENS - ok 16:15:16.0321 4728 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 16:15:16.0383 4728 Serenum - ok 16:15:16.0415 4728 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 16:15:16.0461 4728 Serial - ok 16:15:16.0493 4728 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 16:15:16.0539 4728 sermouse - ok 16:15:16.0664 4728 ServiceLayer (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 16:15:16.0680 4728 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 16:15:16.0680 4728 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 16:15:16.0711 4728 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 16:15:16.0727 4728 SessionEnv - ok 16:15:16.0758 4728 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 16:15:16.0773 4728 sffdisk - ok 16:15:16.0805 4728 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 16:15:16.0851 4728 sffp_mmc - ok 16:15:16.0883 4728 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 16:15:16.0898 4728 sffp_sd - ok 16:15:16.0898 4728 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 16:15:16.0929 4728 sfloppy - ok 16:15:16.0976 4728 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 16:15:16.0992 4728 SharedAccess - ok 16:15:17.0054 4728 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 16:15:17.0070 4728 ShellHWDetection - ok 16:15:17.0101 4728 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 16:15:17.0101 4728 sisagp - ok 16:15:17.0117 4728 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 16:15:17.0132 4728 SiSRaid2 - ok 16:15:17.0148 4728 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 16:15:17.0163 4728 SiSRaid4 - ok 16:15:17.0366 4728 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 16:15:17.0460 4728 slsvc - ok 16:15:17.0585 4728 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 16:15:17.0616 4728 SLUINotify - ok 16:15:17.0678 4728 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 16:15:17.0694 4728 Smb - ok 16:15:17.0725 4728 smscir (7ffa9d581bda7593985c642692e184fe) C:\Windows\system32\DRIVERS\smscir.sys 16:15:17.0741 4728 smscir - ok 16:15:17.0787 4728 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 16:15:17.0803 4728 SNMPTRAP - ok 16:15:17.0819 4728 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 16:15:17.0834 4728 spldr - ok 16:15:17.0865 4728 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 16:15:17.0897 4728 Spooler - ok 16:15:17.0943 4728 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 16:15:17.0990 4728 srv - ok 16:15:18.0037 4728 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 16:15:18.0053 4728 srv2 - ok 16:15:18.0099 4728 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 16:15:18.0115 4728 srvnet - ok 16:15:18.0177 4728 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 16:15:18.0209 4728 SSDPSRV - ok 16:15:18.0255 4728 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 16:15:18.0287 4728 SstpSvc - ok 16:15:18.0365 4728 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 16:15:18.0396 4728 stisvc - ok 16:15:18.0427 4728 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 16:15:18.0427 4728 swenum - ok 16:15:18.0474 4728 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 16:15:18.0505 4728 swprv - ok 16:15:18.0536 4728 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 16:15:18.0552 4728 Symc8xx - ok 16:15:18.0567 4728 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 16:15:18.0567 4728 Sym_hi - ok 16:15:18.0599 4728 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 16:15:18.0599 4728 Sym_u3 - ok 16:15:18.0630 4728 SynTP (c281913060232950b1021f7e203bfd76) C:\Windows\system32\DRIVERS\SynTP.sys 16:15:18.0630 4728 SynTP - ok 16:15:18.0708 4728 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 16:15:18.0739 4728 SysMain - ok 16:15:18.0755 4728 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 16:15:18.0786 4728 TabletInputService - ok 16:15:18.0833 4728 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 16:15:18.0864 4728 TapiSrv - ok 16:15:18.0911 4728 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 16:15:18.0926 4728 TBS - ok 16:15:19.0020 4728 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys 16:15:19.0051 4728 Tcpip - ok 16:15:19.0067 4728 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys 16:15:19.0098 4728 Tcpip6 - ok 16:15:19.0145 4728 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys 16:15:19.0160 4728 tcpipreg - ok 16:15:19.0207 4728 TcUsb (53900527fa5e2ccc818c5894383772d1) C:\Windows\system32\Drivers\tcusb.sys 16:15:19.0207 4728 TcUsb - ok 16:15:19.0238 4728 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys 16:15:19.0254 4728 tdcmdpst - ok 16:15:19.0285 4728 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 16:15:19.0301 4728 TDPIPE - ok 16:15:19.0332 4728 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 16:15:19.0363 4728 TDTCP - ok 16:15:19.0425 4728 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 16:15:19.0457 4728 tdx - ok 16:15:19.0488 4728 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 16:15:19.0503 4728 TermDD - ok 16:15:19.0550 4728 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 16:15:19.0597 4728 TermService - ok 16:15:19.0659 4728 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 16:15:19.0675 4728 Themes - ok 16:15:19.0691 4728 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 16:15:19.0722 4728 THREADORDER - ok 16:15:19.0753 4728 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys 16:15:19.0784 4728 tifm21 - ok 16:15:19.0878 4728 TNaviSrv (777ed1cfd4fc8c9415555a8b368c1b73) C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe 16:15:19.0878 4728 TNaviSrv - ok 16:15:19.0909 4728 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe 16:15:19.0925 4728 TODDSrv ( UnsignedFile.Multi.Generic ) - warning 16:15:19.0925 4728 TODDSrv - detected UnsignedFile.Multi.Generic (1) 16:15:19.0971 4728 TosCoSrv (20df81a037ab498e75fcf97e24a69eac) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe 16:15:19.0987 4728 TosCoSrv - ok 16:15:20.0034 4728 TOSHIBA Bluetooth Service (f1ff6b201a6385e54c492f8e92efd62b) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 16:15:20.0049 4728 TOSHIBA Bluetooth Service - ok 16:15:20.0096 4728 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys 16:15:20.0127 4728 tosporte - ok 16:15:20.0159 4728 tosrfbd (eaeddb6c8bbe3e1b753753c2e847fecb) C:\Windows\system32\DRIVERS\tosrfbd.sys 16:15:20.0159 4728 tosrfbd - ok 16:15:20.0174 4728 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys 16:15:20.0190 4728 tosrfbnp - ok 16:15:20.0221 4728 Tosrfcom (f6158c41bf2ba736deb779b625597016) C:\Windows\system32\Drivers\tosrfcom.sys 16:15:20.0268 4728 Tosrfcom - ok 16:15:20.0315 4728 tosrfec (c063b8e2db85420438ebce3fc8d2752e) C:\Windows\system32\DRIVERS\tosrfec.sys 16:15:20.0330 4728 tosrfec - ok 16:15:20.0346 4728 Tosrfhid (97c2dc66dfec6706267ecf64f5899ad4) C:\Windows\system32\DRIVERS\Tosrfhid.sys 16:15:20.0393 4728 Tosrfhid - ok 16:15:20.0424 4728 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys 16:15:20.0471 4728 tosrfnds - ok 16:15:20.0486 4728 TosRfSnd (bac179b6fce8531d693163cc1fb630c8) C:\Windows\system32\drivers\tosrfsnd.sys 16:15:20.0517 4728 TosRfSnd - ok 16:15:20.0533 4728 Tosrfusb (8f21f09576c36e022f620b71c42e914d) C:\Windows\system32\DRIVERS\tosrfusb.sys 16:15:20.0549 4728 Tosrfusb - ok 16:15:20.0627 4728 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys 16:15:20.0658 4728 tos_sps32 - ok 16:15:20.0689 4728 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 16:15:20.0736 4728 TrkWks - ok 16:15:20.0798 4728 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 16:15:20.0829 4728 TrustedInstaller - ok 16:15:20.0861 4728 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:15:20.0876 4728 tssecsrv - ok 16:15:20.0907 4728 ttv500x (9dc10076da6b4e01f6c529ec5a11b89a) C:\Windows\system32\drivers\ttv500x.sys 16:15:20.0939 4728 ttv500x - ok 16:15:20.0954 4728 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 16:15:20.0985 4728 tunmp - ok 16:15:21.0017 4728 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 16:15:21.0048 4728 tunnel - ok 16:15:21.0095 4728 TVALZ (c2ac99b9979aa8b82b4bb5ee514ef71b) C:\Windows\system32\DRIVERS\TVALZ.SYS 16:15:21.0110 4728 TVALZ - ok 16:15:21.0141 4728 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 16:15:21.0157 4728 uagp35 - ok 16:15:21.0188 4728 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 16:15:21.0219 4728 udfs - ok 16:15:21.0251 4728 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 16:15:21.0266 4728 UI0Detect - ok 16:15:21.0344 4728 UleadBurningHelper (4bd2c322118a2470b450492a0c3302f9) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 16:15:21.0360 4728 UleadBurningHelper - ok 16:15:21.0391 4728 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 16:15:21.0391 4728 uliagpkx - ok 16:15:21.0422 4728 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 16:15:21.0438 4728 uliahci - ok 16:15:21.0453 4728 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 16:15:21.0469 4728 UlSata - ok 16:15:21.0485 4728 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 16:15:21.0500 4728 ulsata2 - ok 16:15:21.0531 4728 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 16:15:21.0547 4728 umbus - ok 16:15:21.0594 4728 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys 16:15:21.0641 4728 UMPass - ok 16:15:21.0703 4728 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 16:15:21.0734 4728 upnphost - ok 16:15:21.0765 4728 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 16:15:21.0781 4728 upperdev - ok 16:15:21.0843 4728 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 16:15:21.0875 4728 usbccgp - ok 16:15:21.0906 4728 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 16:15:21.0968 4728 usbcir - ok 16:15:21.0999 4728 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 16:15:22.0031 4728 usbehci - ok 16:15:22.0062 4728 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 16:15:22.0093 4728 usbhub - ok 16:15:22.0124 4728 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 16:15:22.0171 4728 usbohci - ok 16:15:22.0218 4728 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 16:15:22.0265 4728 usbprint - ok 16:15:22.0296 4728 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 16:15:22.0311 4728 usbscan - ok 16:15:22.0327 4728 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\drivers\usbser.sys 16:15:22.0343 4728 usbser - ok 16:15:22.0358 4728 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 16:15:22.0389 4728 UsbserFilt - ok 16:15:22.0436 4728 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:15:22.0483 4728 USBSTOR - ok 16:15:22.0514 4728 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 16:15:22.0545 4728 usbuhci - ok 16:15:22.0592 4728 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 16:15:22.0623 4728 usbvideo - ok 16:15:22.0655 4728 UVCFTR (50ba5986dcd8ae3e8907d968bef98615) C:\Windows\system32\Drivers\UVCFTR_S.SYS 16:15:22.0686 4728 UVCFTR - ok 16:15:22.0717 4728 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 16:15:22.0733 4728 UxSms - ok 16:15:22.0795 4728 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 16:15:22.0811 4728 vds - ok 16:15:22.0842 4728 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 16:15:22.0889 4728 vga - ok 16:15:22.0920 4728 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 16:15:22.0935 4728 VgaSave - ok 16:15:22.0951 4728 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 16:15:22.0951 4728 viaagp - ok 16:15:22.0982 4728 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 16:15:23.0013 4728 ViaC7 - ok 16:15:23.0029 4728 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 16:15:23.0029 4728 viaide - ok 16:15:23.0060 4728 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 16:15:23.0076 4728 volmgr - ok 16:15:23.0123 4728 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 16:15:23.0138 4728 volmgrx - ok 16:15:23.0201 4728 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 16:15:23.0216 4728 volsnap - ok 16:15:23.0247 4728 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 16:15:23.0263 4728 vsmraid - ok 16:15:23.0341 4728 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 16:15:23.0388 4728 VSS - ok 16:15:23.0450 4728 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 16:15:23.0466 4728 W32Time - ok 16:15:23.0559 4728 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 16:15:23.0591 4728 WacomPen - ok 16:15:23.0637 4728 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:15:23.0669 4728 Wanarp - ok 16:15:23.0684 4728 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:15:23.0700 4728 Wanarpv6 - ok 16:15:23.0747 4728 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 16:15:23.0762 4728 wcncsvc - ok 16:15:23.0809 4728 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 16:15:23.0840 4728 WcsPlugInService - ok 16:15:23.0903 4728 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 16:15:23.0918 4728 Wd - ok 16:15:24.0308 4728 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 16:15:24.0324 4728 Wdf01000 - ok 16:15:24.0371 4728 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:15:24.0417 4728 WdiServiceHost - ok 16:15:24.0417 4728 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:15:24.0449 4728 WdiSystemHost - ok 16:15:24.0495 4728 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 16:15:24.0511 4728 WebClient - ok 16:15:24.0558 4728 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 16:15:24.0558 4728 Wecsvc - ok 16:15:24.0605 4728 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 16:15:24.0620 4728 wercplsupport - ok 16:15:24.0667 4728 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 16:15:24.0683 4728 WerSvc - ok 16:15:24.0776 4728 WHSConnector (9cbb79bf4786d141096fcdfb2b831690) C:\Program Files\Windows Home Server\WHSConnector.exe 16:15:24.0792 4728 WHSConnector - ok 16:15:24.0948 4728 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 16:15:24.0963 4728 WinDefend - ok 16:15:24.0995 4728 WinHttpAutoProxySvc - ok 16:15:25.0057 4728 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 16:15:25.0073 4728 Winmgmt - ok 16:15:25.0166 4728 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 16:15:25.0213 4728 WinRM - ok 16:15:25.0291 4728 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 16:15:25.0353 4728 Wlansvc - ok 16:15:25.0416 4728 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 16:15:25.0463 4728 WmiAcpi - ok 16:15:25.0509 4728 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 16:15:25.0525 4728 wmiApSrv - ok 16:15:25.0650 4728 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 16:15:25.0712 4728 WMPNetworkSvc - ok 16:15:25.0743 4728 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 16:15:25.0759 4728 WPCSvc - ok 16:15:25.0821 4728 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 16:15:25.0853 4728 WPDBusEnum - ok 16:15:25.0993 4728 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:15:26.0009 4728 WPFFontCache_v0400 - ok 16:15:26.0055 4728 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 16:15:26.0102 4728 ws2ifsl - ok 16:15:26.0149 4728 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll 16:15:26.0165 4728 wscsvc - ok 16:15:26.0180 4728 WSearch - ok 16:15:26.0321 4728 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 16:15:26.0367 4728 wuauserv - ok 16:15:26.0492 4728 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 16:15:26.0492 4728 WudfPf - ok 16:15:26.0539 4728 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll 16:15:26.0601 4728 wudfsvc - ok 16:15:26.0617 4728 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 16:15:26.0945 4728 \Device\Harddisk0\DR0 - ok 16:15:26.0945 4728 Boot (0x1200) (887d6080af17e232339a77ae8f0b057c) \Device\Harddisk0\DR0\Partition0 16:15:26.0945 4728 \Device\Harddisk0\DR0\Partition0 - ok 16:15:26.0976 4728 Boot (0x1200) (c9061633bdc339c45b2bdd2ded167b13) \Device\Harddisk0\DR0\Partition1 16:15:26.0976 4728 \Device\Harddisk0\DR0\Partition1 - ok 16:15:26.0991 4728 Boot (0x1200) (84e7b4a313e8c00f00ff12db4d02fe17) \Device\Harddisk0\DR0\Partition2 16:15:26.0991 4728 \Device\Harddisk0\DR0\Partition2 - ok 16:15:26.0991 4728 ============================================================ 16:15:26.0991 4728 Scan finished 16:15:26.0991 4728 ============================================================ 16:15:27.0007 0564 Detected object count: 5 16:15:27.0007 0564 Actual detected object count: 5 16:16:03.0620 0564 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user 16:16:03.0620 0564 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:16:03.0620 0564 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user 16:16:03.0620 0564 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:16:03.0620 0564 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 16:16:03.0620 0564 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:16:03.0636 0564 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 16:16:03.0636 0564 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:16:03.0636 0564 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:16:03.0636 0564 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Just seen the no attachments rule, sorry: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-26 16:06:32 ----------------------------- 16:06:32.281 OS Version: Windows 6.0.6002 Service Pack 2 16:06:32.281 Number of processors: 2 586 0xF0B 16:06:32.281 ComputerName: QOSMIO_G40 UserName: 16:06:33.061 Initialize success 16:07:57.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 16:07:57.635 Disk 0 Vendor: FUJITSU_ 0040 Size: 238475MB BusType: 3 16:07:57.651 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1 16:07:57.651 Disk 1 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3 16:07:57.667 Disk 0 MBR read successfully 16:07:57.667 Disk 0 MBR scan 16:07:57.667 Disk 0 Windows VISTA default MBR code 16:07:57.682 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048 16:07:57.698 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51200 MB offset 209717248 16:07:57.713 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 84873 MB offset 314574848 16:07:57.729 Disk 0 scanning sectors +488394752 16:07:57.776 Disk 0 scanning C:\Windows\system32\drivers 16:08:05.155 Service scanning 16:08:24.265 Modules scanning 16:08:31.893 Scan finished successfully 16:08:53.702 Disk 0 MBR has been saved successfully to "C:\Users\Chris Burson\Desktop\MBR.dat" 16:08:53.702 The log file has been saved successfully to "C:\Users\Chris Burson\Desktop\aswMBR.txt"
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

TDSKiller attached. Nothing I could see but five 'medium' risk files showed. I went with the suggested option of 'Skip' - I've no idea if that's good or bad! On to Step 3... Thanks again, Chris TDSKiller1.doc
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Hi Maurice - aswMBR attached. The 'Fix' button was greyed-out and not available. (I assume 'a-v scan to None' was the option to install the anti-virus program, which I declined.) TDSKiller next... Thanks again, Chris aswMBR.txt
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT replied to ChrisOfTheOT's topic in Resolved Malware Removal Logs

Hi Maurice - many, many thanks for your help. Both MWB logs attached (before and after), though neither showed any infection. Thanks again Maurice, Chris mbam-log-2012-06-26 (15-26-31).txt mbam-log-2012-06-26 (15-40-36).txt
- June 26, 2012
- 42 replies
Adware.GamePlayLabs changed into Trojan.Dropper.PE4

ChrisOfTheOT posted a topic in Resolved Malware Removal Logs

MSE stopped updating and MWB revealed the GamePlayLabs infection. I followed a post here (http://forums.malwar...howtopic=109245) but then got Trojan.Dropper. MSE still will not update. DDS scans attached and a full MWB scan from yesterday (with a TDS Killer & ComboFix from a couple of days ago). MSE was disabled by me for some scans but is running, outdated, now. I'm stuck - please help! Many thanks, Chris . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Chris Burson at 10:03:31 on 2012-06-26 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1650 [GMT 1:00] . AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService D:\Program Files\Protector Suite QL\upeksvr.exe C:\Windows\system32\brsvc01a.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Windows\ehome\ehRecvr.exe C:\Windows\ehome\ehsched.exe C:\Program Files\Windows Home Server\esClient.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Windows\system32\brss01a.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\ehome\ehRec.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe C:\Program Files\Windows Home Server\WHSConnector.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Home Server\WHSTrayApp.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\wmiprvse.exe D:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\system32\wbem\unsecapp.exe D:\Program Files\Microsoft Office\Office10 Tools\Office10\msoffice.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uStart Page = hxxp://www.google.co.uk uDefault_Page_URL = hxxp://www.google.co.uk TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [PSQLLauncher] "d:\program files\protector suite ql\launcher.exe" /startup mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [updatePDRShortCut] "d:\program files\powerdirector\powerdirector\muitransfer\muistartmenu.exe" "d:\program files\powerdirector\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [skytel] Skytel.exe mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10 tools\office10\OSA.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - d:\program files\microsoft money\system\mnyviewer.dll DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{61B9B49E-D410-4CED-9CEE-91A6F6181FE0} : DhcpNameServer = 192.168.1.254 Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - d:\program files\libronix dls\system\FileProt.dll Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - d:\program files\libronix dls\system\ResProt.dll Notify: psfus - c:\windows\system32\psqlpwd.dll LSA: Notification Packages = scecli psqlpwd . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472] R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-3 21504] R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688] R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2011-1-10 44784] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480] R3 smscir;SMSCIR Infrared Receiver;c:\windows\system32\drivers\smscir.sys [2007-12-5 62752] R3 ttv500x;TOSHIBA PCI TV Tuner(x86);c:\windows\system32\drivers\ttv500x.sys [2007-12-5 322816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-2-8 16456] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-2-8 11088] S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-06-22 11:42:32 -------- d-----w- C:\Windows Home Server Drivers for Restore 2012-06-22 11:29:23 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 11:28:52 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 11:28:42 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-22 11:28:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 11:27:30 -------- d-----w- c:\program files\Oracle 2012-06-22 11:24:37 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-22 10:43:22 -------- d-----w- c:\users\chris burson\appdata\local\temp 2012-06-22 10:37:55 -------- d-sh--w- C:\$RECYCLE.BIN 2012-06-22 10:27:11 98816 ----a-w- c:\windows\sed.exe 2012-06-22 10:27:11 518144 ----a-w- c:\windows\SWREG.exe 2012-06-22 10:27:11 256000 ----a-w- c:\windows\PEV.exe 2012-06-22 10:27:11 208896 ----a-w- c:\windows\MBR.exe 2012-06-22 10:27:06 -------- d-----w- C:\ComboFix 2012-06-21 16:24:39 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2dc12d9e-779d-4fdd-a361-868f10215db0}\mpengine.dll 2012-06-18 07:39:44 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-06-14 08:02:35 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 08:02:35 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 08:02:35 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 08:02:15 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 08:02:15 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 11:36:45 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a5d70a1e-70e5-462a-be7d-a2244b612401}\gapaengine.dll 2012-06-13 09:38:21 -------- d-----w- c:\program files\PDFCreator 2012-06-12 11:22:17 -------- d-----w- c:\users\chris burson\appdata\roaming\Kodak . ==================== Find3M ==================== . 2012-06-22 09:28:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-22 09:28:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-04 18:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . ============= FINISH: 10:03:51.58 =============== ComboFix 12-06-21.03 - Chris Burson 22/06/2012 11:30:06.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1800 [GMT 1:00] Running from: c:\users\Chris Burson\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Chris Burson\AppData\Local\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af} c:\users\Chris Burson\AppData\Local\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af}\@ c:\users\Chris Burson\AppData\Local\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af}\n c:\users\Chris Burson\GoToAssistDownloadHelper.exe c:\windows\Installer\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af} c:\windows\jestertb.dll c:\windows\security\Database\tmp.edb c:\windows\system32\spool\prtprocs\w32x86\BRPPROC.DLL . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))) . . 2012-06-22 10:35 . 2012-06-22 10:35 -------- d-----w- c:\users\Mcx2\AppData\Local\temp 2012-06-22 10:35 . 2012-06-22 10:35 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2012-06-22 09:39 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-21 16:24 . 2012-05-08 16:40 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC12D9E-779D-4FDD-A361-868F10215DB0}\mpengine.dll 2012-06-18 07:39 . 2012-05-08 16:40 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-14 08:02 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 08:02 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 08:02 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 08:02 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 08:02 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 11:36 . 2012-02-13 08:55 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5D70A1E-70E5-462A-BE7D-A2244B612401}\gapaengine.dll 2012-06-13 09:38 . 2012-06-13 09:38 -------- d-----w- c:\program files\PDFCreator 2012-06-12 11:22 . 2012-06-12 11:22 -------- d-----w- c:\users\Chris Burson\AppData\Roaming\Kodak . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-22 09:28 . 2012-04-10 13:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-22 09:28 . 2011-06-03 08:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-03 08:16 . 2012-05-12 08:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-12 08:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 12:39 . 2012-05-12 08:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-29 13:39 . 2012-05-12 08:11 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-03-28 08:02 . 2012-03-28 08:02 82104 ----a-w- c:\windows\system32\NicInE6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-11-14 11:22 3186440 ----a-w- d:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-11-14 11:22 3186440 ----a-w- d:\program files\Protector Suite QL\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-11 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-02 833072] "PSQLLauncher"="d:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336] "UpdatePDRShortCut"="d:\program files\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872] "Skytel"="Skytel.exe" [2007-04-04 1822720] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-01 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-01 8501792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-01 81920] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2008-7-23 427336] Microsoft Office.lnk - d:\program files\Microsoft Office\Office10 Tools\Office10\OSA.EXE [2010-6-25 83360] Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-11-5 603504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-11-14 11:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3469518139-1120787449-2283880736-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000003 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:36] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(840) c:\windows\system32\psqlpwd.dll d:\program files\Protector Suite QL\homefus2.dll d:\program files\Protector Suite QL\infql2.dll . - - - - - - - > 'Explorer.exe'(3408) d:\program files\Protector Suite QL\farchns.dll d:\program files\Protector Suite QL\infql2.dll d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\PhoneBrowser.dll d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\NGSCM.DLL d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Other Running Processes ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\brsvc01a.exe c:\windows\system32\brss01a.exe d:\program files\Protector Suite QL\upeksvr.exe c:\windows\system32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\ehome\ehRecvr.exe c:\windows\ehome\ehsched.exe c:\program files\Windows Home Server\esClient.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Cyberlink\Shared files\RichVideo.exe c:\program files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\Toshiba\Power Saver\TosCoSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Windows Home Server\WHSConnector.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-06-22 11:43:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-22 10:43 . Pre-Run: 54,777,167,872 bytes free Post-Run: 55,524,954,112 bytes free . - - End Of File - - 65A0CA5B0099087C5E2440B2C0C2A194 mbam-log-2012-06-22 (10-39-48).txt Attach DDS2.txt TDSSKiller.2.7.41.0_22.06.2012_11.23.27_log.txt
- June 26, 2012
- 42 replies

Events

Profiles

Forums

Everything posted by ChrisOfTheOT

Important Information