My Desktop computer was infected by malware now my laptop is also infected

JJMAC · June 17, 2012

Halo

A scan carried out on my Laptop found two virus issues

1. PC Performer_GG.exe.exe (PUP.Bundleinstaller.IB) &

2. Temporary Internet file\Silverlight.exe (Trojan Agent). Both items were quarantined and removed. McAfee Internet Security did not detect either item.

Please advise

Has item (1) been completely removed ie. no hidden backdoor left?

Item (2) I googled Silverlight.exe for information thereon and received a Yahoo answer: if it is Silverlight.exe it is OK , Microsoft installed it when you got updates. If it is SILVERLIGHT.EXE (all in CAPS) it is malware. I assume that the information by Yahoo is incorrect and that silverlight.exe in lower case is in fact a Trojan. If so has a backdoor been left? Is there any way to chcck for the presence of hidden backdoors?

My desktop computer has been infected with internet security.ink and I have taken it out of service until I get round to reformating its hard disk and reinstalling Windows Vista.

Many thanks

JJMAC

Ps I am not sure if I have been able to attasch the log file correctly

Maurice Naggar · June 17, 2012

Hello JJMAC

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Please Copy & Paste contents of the following logs into main body of your next reply:

DDS.txt

Attach.txt

Question for you: Is "this system" the same as the one that had security link malware http://forums.malwarebytes.org/index.php?showtopic=108868 ??

Edited June 17, 2012 by Maurice Naggar

JJMAC · June 19, 2012

Hallo Maurice

Many thanks for your prompt reply.

As instructed I downloaded DDS and saved it to my desktop. I changed my antivirus program from mcafee internet security to Trend Micro Titanium about 4 weeks ago. In the Trent Micro program I added \desktop\dds.scr to the exception list in which scans and other kinds of monitoring are ignored. After running dds.scr two log files namely (1)DDS.TXT and (2) ATTACH.TXT were created & shown in the DDS window. However, when I closed the DDS window only the DDS log file opened.

There must be something amiss somewhere. Does Malwarebytes have a script blocker? For what it is worth here is the DDS log file.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by John at 11:58:27 on 2012-06-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.888 [GMT 1:00]

.

AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe

C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe

C:\Program Files (x86)\Microsoft Money\System\Money Express.exe

C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files (x86)\SiteRanker\SiteRankTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PC Cleaners\PCCleaners.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80135&lng=en

uDefault_Page_URL = hxxp://toshiba.msn.com

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mWinlogon: Userinit=userinit.exe,

BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

uRun: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"

uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun: [siteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DhcpNameServer = 10.239.24.5

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL

BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO-X64: WiseConvert - No File

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun-x64: [siteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize

AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-10 275912]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512]

R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]

R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 257696]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-9 30192]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-14 16:15:46 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-14 16:15:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 16:15:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-14 16:15:18 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-14 16:15:15 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-14 16:15:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-14 16:15:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-14 16:15:04 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-14 16:14:59 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-14 16:14:56 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-14 16:14:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-14 16:14:37 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-14 16:14:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-14 16:14:36 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-14 16:14:36 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-14 16:14:36 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-14 16:14:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-12 13:39:18 -------- d-----w- C:\Users\John\AppData\Roaming\iolo

2012-06-12 13:39:18 -------- d-----w- C:\ProgramData\iolo

2012-05-24 13:18:27 -------- d-----w- C:\Users\John\AppData\Local\VS Revo Group

2012-05-24 13:17:57 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

2012-05-24 13:17:54 -------- d-----w- C:\Program Files\VS Revo Group

2012-05-24 10:19:11 -------- d-----w- C:\Program Files (x86)\PC Cleaners

2012-05-23 19:07:34 -------- d-----w- C:\Users\John\AppData\Roaming\PC Cleaners

2012-05-23 19:07:02 -------- d-----w- C:\Users\John\AppData\Roaming\PCPro

2012-05-23 19:06:59 4101392 ----a-w- C:\Windows\uninst.exe

2012-05-23 19:06:53 -------- d-----w- C:\ProgramData\PC1Data

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-10 11:25:46 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat

2012-05-09 21:53:32 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-09 21:53:31 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 17:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-04-04 17:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 11:59:39.54 ===============

You asked if this system is the same as the one that had security.ink malware? The security.ink infection (howtopic=108868)was on my Desktop. This infection is on my laptop. Both computers are connected to my home network through a router. The laptop was infrequently used prior to the infection of the desktop. It has been in daily use since then. I don’t think that the laptop infection has a connection with the desktop one. The laptop shows no symptoms of infection, it is fast and runs smoothly unlike my desktop which in recent months had become painfully slow with frequent hang ups until security ink prevented every program from even starting. My antivirus provider failed to detect infection in either computer and kept assuring me that I was fully protected, that my computers were secure. I don’t know how long the two infections have been on my laptop but had the infection on my desktop not become acute I have no doubt that, with a false sense of security, I would continue using my laptop in blissful ignorance of the risks I was taking.

Regarding the Attach.txt log. I did get a message saying that Attach.txt had been created but I was unable to open its log. I have searched everywhere on the computer for Attach.txt and the file was not found. I have repeated the whole procedure a number of times with the same result. It is strange that the dds log file opened OK . Have you any suggestions as to how I might resolve this issue?

Kind Regards

JJMAC

Maurice Naggar · June 19, 2012

While I review your last log, don't sweat the Attach.txt log

but it should be in the same location as the DDS.txt (and if you have DDS.scr on the Desktop, that is where the 2 logs would be).

NO, MBAM does not have a script blocker. When we use the term "script blocker" in our initial responses, we mean or refer to the ones that may be in your antivirus program or security program.

Maurice Naggar · June 19, 2012

What is this "Inbox Toolbar" ??

What is this "PC Cleaners" ??

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
Download TDSSKiller and save it to your Desktop.
If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
If on Windows XP, double-click to start.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):

the contents of aswMBR report;
the contents of TDSSKILLER log;
the contents of GMER log;
the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

JJMAC · June 23, 2012

Many thanks Maurice for your further help.

The following are the aswMBA report & the TDSSKiller log.

I request a little help with steps 5&6. Please.

In step5 where I am instructed to go Here and click the Download exe button & save the file to ARK folder. When I click on Here a new window opens entitled View Downloads-Windows -Internet Explorer . I don’t see a Download exe button. Three files with a run button, ug8ig8q2.exe, tdsskiller.exe & aswMBR.exe are listed therein in addition to OTL.exe which had two buttons, one for run and one for save. I clicked on the save button and got a warning message to say that this program is not commonly downloaded and could harm your computer. Not knowing precisely what I was about I decided to proceed no further until I received clarification of the proceedure.

I may also have a problem with step6. When I click on the OTL.exe link the view downloads box as in step5 reopens. Is that the correct response?. Where will I find the Windows7 icon.?

I am sorry if I am asking stupid questions but at 82+ I am not as sharp as I once was.

Thanks in anticipation,

JJMAC

AswMBR Report

Run date: 2012-06-22 15:20:16

-----------------------------

15:20:16.607 OS Version: Windows x64 6.1.7601 Service Pack 1

15:20:16.607 Number of processors: 1 586 0x170A

15:20:16.607 ComputerName: JOHN-TOSH UserName: John

15:20:20.289 Initialize success

15:20:29.196 AVAST engine defs: 12062101

15:21:38.788 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:21:38.788 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3

15:21:38.803 Disk 0 MBR read successfully

15:21:38.803 Disk 0 MBR scan

15:21:38.819 Disk 0 Windows 7 default MBR code

15:21:38.835 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048

15:21:38.850 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119001 MB offset 821248

15:21:38.881 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119072 MB offset 244535296

15:21:38.944 Disk 0 scanning C:\Windows\system32\drivers

15:22:03.077 Service scanning

15:22:36.929 Modules scanning

15:22:36.929 Scan finished successfully

15:25:35.783 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"

15:25:35.799 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

Note: On completion of the scan the fix button was not enabled.

TDSSKiller log

19:22:08.0939 1584 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

19:22:09.0500 1584 ============================================================

19:22:09.0500 1584 Current date / time: 2012/06/22 19:22:09.0500

19:22:09.0500 1584 SystemInfo:

19:22:09.0500 1584

19:22:09.0500 1584 OS Version: 6.1.7601 ServicePack: 1.0

19:22:09.0500 1584 Product type: Workstation

19:22:09.0500 1584 ComputerName: JOHN-TOSH

19:22:09.0500 1584 UserName: John

19:22:09.0500 1584 Windows directory: C:\Windows

19:22:09.0500 1584 System windows directory: C:\Windows

19:22:09.0500 1584 Running under WOW64

19:22:09.0500 1584 Processor architecture: Intel x64

19:22:09.0500 1584 Number of processors: 1

19:22:09.0500 1584 Page size: 0x1000

19:22:09.0500 1584 Boot type: Normal boot

19:22:09.0500 1584 ============================================================

19:22:09.0968 1584 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:22:09.0968 1584 ============================================================

19:22:09.0968 1584 \Device\Harddisk0\DR0:

19:22:09.0968 1584 MBR partitions:

19:22:09.0968 1584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0xE86C800

19:22:09.0968 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE935000, BlocksNum 0xE890170

19:22:09.0968 1584 ============================================================

19:22:10.0000 1584 C: <-> \Device\Harddisk0\DR0\Partition0

19:22:10.0046 1584 D: <-> \Device\Harddisk0\DR0\Partition1

19:22:10.0046 1584 ============================================================

19:22:10.0046 1584 Initialize success

19:22:10.0046 1584 ============================================================

19:23:16.0300 3524 ============================================================

19:23:16.0300 3524 Scan started

19:23:16.0300 3524 Mode: Manual; SigCheck; TDLFS;

19:23:16.0300 3524 ============================================================

19:23:17.0548 3524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:23:17.0641 3524 1394ohci - ok

19:23:17.0719 3524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:23:17.0750 3524 ACPI - ok

19:23:17.0813 3524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:23:17.0844 3524 AcpiPmi - ok

19:23:18.0000 3524 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:23:18.0016 3524 AdobeFlashPlayerUpdateSvc - ok

19:23:18.0094 3524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:23:18.0140 3524 adp94xx - ok

19:23:18.0203 3524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:23:18.0234 3524 adpahci - ok

19:23:18.0265 3524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:23:18.0281 3524 adpu320 - ok

19:23:18.0343 3524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:23:18.0390 3524 AeLookupSvc - ok

19:23:18.0452 3524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:23:18.0499 3524 AFD - ok

19:23:18.0546 3524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:23:18.0562 3524 agp440 - ok

19:23:18.0624 3524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:23:18.0640 3524 ALG - ok

19:23:18.0702 3524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:23:18.0718 3524 aliide - ok

19:23:18.0749 3524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:23:18.0780 3524 amdide - ok

19:23:18.0811 3524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:23:18.0842 3524 AmdK8 - ok

19:23:18.0858 3524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:23:18.0889 3524 AmdPPM - ok

19:23:18.0952 3524 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

19:23:18.0983 3524 amdsata - ok

19:23:19.0014 3524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:23:19.0030 3524 amdsbs - ok

19:23:19.0092 3524 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

19:23:19.0108 3524 amdxata - ok

19:23:19.0295 3524 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

19:23:19.0342 3524 Amsp - ok

19:23:19.0388 3524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:23:19.0451 3524 AppID - ok

19:23:19.0498 3524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:23:19.0544 3524 AppIDSvc - ok

19:23:19.0622 3524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:23:19.0669 3524 Appinfo - ok

19:23:19.0716 3524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:23:19.0732 3524 arc - ok

19:23:19.0747 3524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:23:19.0778 3524 arcsas - ok

19:23:19.0810 3524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:23:19.0856 3524 AsyncMac - ok

19:23:19.0903 3524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:23:19.0919 3524 atapi - ok

19:23:20.0028 3524 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys

19:23:20.0075 3524 athr - ok

19:23:20.0215 3524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:23:20.0309 3524 AudioEndpointBuilder - ok

19:23:20.0324 3524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:23:20.0387 3524 AudioSrv - ok

19:23:20.0465 3524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:23:20.0496 3524 AxInstSV - ok

19:23:20.0574 3524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:23:20.0621 3524 b06bdrv - ok

19:23:20.0683 3524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:23:20.0714 3524 b57nd60a - ok

19:23:21.0136 3524 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

19:23:21.0182 3524 BBSvc - ok

19:23:21.0276 3524 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

19:23:21.0292 3524 BBUpdate - ok

19:23:21.0370 3524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:23:21.0401 3524 BDESVC - ok

19:23:21.0463 3524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:23:21.0510 3524 Beep - ok

19:23:21.0588 3524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:23:21.0650 3524 BFE - ok

19:23:21.0822 3524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:23:21.0900 3524 BITS - ok

19:23:21.0947 3524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:23:21.0978 3524 blbdrive - ok

19:23:22.0025 3524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:23:22.0056 3524 bowser - ok

19:23:22.0087 3524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:23:22.0118 3524 BrFiltLo - ok

19:23:22.0118 3524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:23:22.0150 3524 BrFiltUp - ok

19:23:22.0181 3524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:23:22.0228 3524 Browser - ok

19:23:22.0399 3524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:23:22.0446 3524 Brserid - ok

19:23:22.0462 3524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:23:22.0493 3524 BrSerWdm - ok

19:23:22.0508 3524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:23:22.0540 3524 BrUsbMdm - ok

19:23:22.0555 3524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:23:22.0571 3524 BrUsbSer - ok

19:23:22.0586 3524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:23:22.0618 3524 BTHMODEM - ok

19:23:22.0680 3524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:23:22.0727 3524 bthserv - ok

19:23:22.0836 3524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:23:22.0883 3524 cdfs - ok

19:23:22.0945 3524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

19:23:22.0976 3524 cdrom - ok

19:23:23.0023 3524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:23:23.0070 3524 CertPropSvc - ok

19:23:23.0195 3524 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

19:23:23.0226 3524 cfWiMAXService - ok

19:23:23.0257 3524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:23:23.0288 3524 circlass - ok

19:23:23.0351 3524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:23:23.0366 3524 CLFS - ok

19:23:23.0429 3524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:23:23.0444 3524 clr_optimization_v2.0.50727_32 - ok

19:23:23.0491 3524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:23:23.0522 3524 clr_optimization_v2.0.50727_64 - ok

19:23:23.0632 3524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:23:23.0647 3524 clr_optimization_v4.0.30319_32 - ok

19:23:23.0678 3524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:23:23.0694 3524 clr_optimization_v4.0.30319_64 - ok

19:23:23.0725 3524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:23:23.0756 3524 CmBatt - ok

19:23:23.0788 3524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:23:23.0803 3524 cmdide - ok

19:23:23.0866 3524 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

19:23:23.0912 3524 CNG - ok

19:23:23.0990 3524 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys

19:23:24.0037 3524 CnxtHdAudService - ok

19:23:24.0068 3524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:23:24.0084 3524 Compbatt - ok

19:23:24.0146 3524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:23:24.0178 3524 CompositeBus - ok

19:23:24.0209 3524 COMSysApp - ok

19:23:24.0287 3524 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

19:23:24.0302 3524 ConfigFree Service - ok

19:23:24.0349 3524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:23:24.0365 3524 crcdisk - ok

19:23:24.0427 3524 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

19:23:24.0458 3524 CryptSvc - ok

19:23:24.0536 3524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:23:24.0583 3524 DcomLaunch - ok

19:23:24.0958 3524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:23:25.0020 3524 defragsvc - ok

19:23:25.0067 3524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:23:25.0114 3524 DfsC - ok

19:23:25.0176 3524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:23:25.0223 3524 Dhcp - ok

19:23:25.0285 3524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:23:25.0332 3524 discache - ok

19:23:25.0379 3524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:23:25.0394 3524 Disk - ok

19:23:25.0457 3524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:23:25.0472 3524 Dnscache - ok

19:23:25.0550 3524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:23:25.0597 3524 dot3svc - ok

19:23:25.0691 3524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:23:25.0738 3524 DPS - ok

19:23:25.0800 3524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:23:25.0831 3524 drmkaud - ok

19:23:25.0909 3524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:23:25.0956 3524 DXGKrnl - ok

19:23:26.0003 3524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:23:26.0065 3524 EapHost - ok

19:23:26.0221 3524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:23:26.0346 3524 ebdrv - ok

19:23:26.0471 3524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:23:26.0502 3524 EFS - ok

19:23:26.0596 3524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:23:26.0642 3524 ehRecvr - ok

19:23:26.0674 3524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:23:26.0705 3524 ehSched - ok

19:23:26.0767 3524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:23:26.0814 3524 elxstor - ok

19:23:26.0845 3524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:23:26.0876 3524 ErrDev - ok

19:23:26.0986 3524 esgiguard - ok

19:23:27.0282 3524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:23:27.0344 3524 EventSystem - ok

19:23:27.0391 3524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:23:27.0438 3524 exfat - ok

19:23:27.0469 3524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:23:27.0516 3524 fastfat - ok

19:23:27.0610 3524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:23:27.0656 3524 Fax - ok

19:23:27.0672 3524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:23:27.0703 3524 fdc - ok

19:23:27.0750 3524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:23:27.0812 3524 fdPHost - ok

19:23:27.0828 3524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:23:27.0875 3524 FDResPub - ok

19:23:27.0906 3524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:23:27.0922 3524 FileInfo - ok

19:23:27.0953 3524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:23:28.0000 3524 Filetrace - ok

19:23:28.0031 3524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:23:28.0078 3524 flpydisk - ok

19:23:28.0140 3524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:23:28.0171 3524 FltMgr - ok

19:23:28.0280 3524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:23:28.0312 3524 FontCache - ok

19:23:28.0405 3524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:23:28.0421 3524 FontCache3.0.0.0 - ok

19:23:28.0468 3524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:23:28.0483 3524 FsDepends - ok

19:23:28.0514 3524 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:23:28.0530 3524 Fs_Rec - ok

19:23:28.0592 3524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:23:28.0624 3524 fvevol - ok

19:23:28.0686 3524 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys

19:23:28.0702 3524 FwLnk - ok

19:23:28.0795 3524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:23:28.0811 3524 gagp30kx - ok

19:23:28.0904 3524 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

19:23:28.0936 3524 GameConsoleService - ok

19:23:29.0029 3524 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

19:23:29.0045 3524 GoogleDesktopManager-051210-111108 - ok

19:23:29.0138 3524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:23:29.0185 3524 gpsvc - ok

19:23:29.0294 3524 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:23:29.0310 3524 gupdate - ok

19:23:29.0341 3524 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:23:29.0357 3524 gupdatem - ok

19:23:29.0404 3524 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:23:29.0419 3524 gusvc - ok

19:23:29.0513 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:23:29.0544 3524 hcw85cir - ok

19:23:29.0622 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:23:29.0653 3524 HdAudAddService - ok

19:23:29.0700 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:23:29.0731 3524 HDAudBus - ok

19:23:29.0778 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:23:29.0794 3524 HidBatt - ok

19:23:29.0809 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:23:29.0840 3524 HidBth - ok

19:23:29.0856 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:23:29.0872 3524 HidIr - ok

19:23:29.0918 3524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:23:29.0965 3524 hidserv - ok

19:23:30.0028 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

19:23:30.0043 3524 HidUsb - ok

19:23:30.0090 3524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:23:30.0137 3524 hkmsvc - ok

19:23:30.0184 3524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:23:30.0215 3524 HomeGroupListener - ok

19:23:30.0262 3524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:23:30.0277 3524 HomeGroupProvider - ok

19:23:30.0340 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:23:30.0355 3524 HpSAMD - ok

19:23:30.0418 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:23:30.0480 3524 HTTP - ok

19:23:30.0511 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:23:30.0527 3524 hwpolicy - ok

19:23:30.0558 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:23:30.0574 3524 i8042prt - ok

19:23:30.0636 3524 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys

19:23:30.0652 3524 iaStor - ok

19:23:30.0730 3524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:23:30.0745 3524 iaStorV - ok

19:23:30.0886 3524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:23:30.0901 3524 idsvc - ok

19:23:31.0369 3524 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:23:31.0541 3524 igfx - ok

19:23:31.0650 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:23:31.0666 3524 iirsp - ok

19:23:31.0744 3524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:23:31.0806 3524 IKEEXT - ok

19:23:31.0853 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:23:31.0868 3524 intelide - ok

19:23:31.0915 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:23:31.0946 3524 intelppm - ok

19:23:32.0024 3524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:23:32.0087 3524 IPBusEnum - ok

19:23:32.0274 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:23:32.0321 3524 IpFilterDriver - ok

19:23:32.0648 3524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:23:32.0711 3524 iphlpsvc - ok

19:23:32.0820 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:23:32.0851 3524 IPMIDRV - ok

19:23:33.0007 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:23:33.0054 3524 IPNAT - ok

19:23:33.0101 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:23:33.0132 3524 IRENUM - ok

19:23:33.0163 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:23:33.0179 3524 isapnp - ok

19:23:33.0241 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:23:33.0257 3524 iScsiPrt - ok

19:23:33.0304 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

19:23:33.0319 3524 kbdclass - ok

19:23:33.0350 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

19:23:33.0382 3524 kbdhid - ok

19:23:33.0428 3524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:33.0460 3524 KeyIso - ok

19:23:33.0491 3524 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

19:23:33.0522 3524 KSecDD - ok

19:23:33.0569 3524 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

19:23:33.0584 3524 KSecPkg - ok

19:23:33.0631 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:23:33.0694 3524 ksthunk - ok

19:23:33.0756 3524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:23:33.0803 3524 KtmRm - ok

19:23:33.0850 3524 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys

19:23:33.0865 3524 L1C - ok

19:23:33.0928 3524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:23:33.0974 3524 LanmanServer - ok

19:23:34.0021 3524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:23:34.0068 3524 LanmanWorkstation - ok

19:23:34.0099 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:23:34.0146 3524 lltdio - ok

19:23:34.0193 3524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:23:34.0240 3524 lltdsvc - ok

19:23:34.0255 3524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:23:34.0318 3524 lmhosts - ok

19:23:34.0364 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:23:34.0380 3524 LSI_FC - ok

19:23:34.0396 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:23:34.0427 3524 LSI_SAS - ok

19:23:34.0442 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:23:34.0458 3524 LSI_SAS2 - ok

19:23:34.0489 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:23:34.0505 3524 LSI_SCSI - ok

19:23:34.0645 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:23:34.0708 3524 luafv - ok

19:23:34.0879 3524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:23:34.0910 3524 Mcx2Svc - ok

19:23:34.0957 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:23:34.0988 3524 megasas - ok

19:23:35.0082 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:23:35.0098 3524 MegaSR - ok

19:23:35.0144 3524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:23:35.0191 3524 MMCSS - ok

19:23:35.0222 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:23:35.0285 3524 Modem - ok

19:23:35.0300 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:23:35.0332 3524 monitor - ok

19:23:35.0378 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

19:23:35.0394 3524 mouclass - ok

19:23:35.0425 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:23:35.0441 3524 mouhid - ok

19:23:35.0488 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:23:35.0503 3524 mountmgr - ok

19:23:35.0550 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:23:35.0566 3524 mpio - ok

19:23:35.0597 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:23:35.0644 3524 mpsdrv - ok

19:23:35.0722 3524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:23:35.0784 3524 MpsSvc - ok

19:23:35.0815 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:23:35.0846 3524 MRxDAV - ok

19:23:35.0893 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:23:35.0924 3524 mrxsmb - ok

19:23:35.0971 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:23:36.0002 3524 mrxsmb10 - ok

19:23:36.0034 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:23:36.0065 3524 mrxsmb20 - ok

19:23:36.0112 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:23:36.0127 3524 msahci - ok

19:23:36.0174 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:23:36.0190 3524 msdsm - ok

19:23:36.0221 3524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:23:36.0252 3524 MSDTC - ok

19:23:36.0299 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:23:36.0361 3524 Msfs - ok

19:23:36.0392 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:23:36.0439 3524 mshidkmdf - ok

19:23:36.0470 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:23:36.0486 3524 msisadrv - ok

19:23:36.0533 3524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:23:36.0580 3524 MSiSCSI - ok

19:23:36.0595 3524 MSIServer - ok

19:23:36.0626 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:23:36.0673 3524 MSKSSRV - ok

19:23:36.0689 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:23:36.0751 3524 MSPCLOCK - ok

19:23:36.0751 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:23:36.0814 3524 MSPQM - ok

19:23:37.0110 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:23:37.0126 3524 MsRPC - ok

19:23:37.0219 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:23:37.0235 3524 mssmbios - ok

19:23:37.0282 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:23:37.0328 3524 MSTEE - ok

19:23:37.0344 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:23:37.0360 3524 MTConfig - ok

19:23:37.0422 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:23:37.0453 3524 Mup - ok

19:23:37.0796 3524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:23:37.0859 3524 napagent - ok

19:23:37.0906 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:23:37.0937 3524 NativeWifiP - ok

19:23:38.0093 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:23:38.0124 3524 NDIS - ok

19:23:38.0171 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:23:38.0202 3524 NdisCap - ok

19:23:38.0249 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:23:38.0280 3524 NdisTapi - ok

19:23:38.0327 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:23:38.0374 3524 Ndisuio - ok

19:23:38.0420 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:23:38.0467 3524 NdisWan - ok

19:23:38.0498 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:23:38.0545 3524 NDProxy - ok

19:23:38.0670 3524 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

19:23:38.0701 3524 Nero BackItUp Scheduler 4.0 - ok

19:23:38.0748 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:23:38.0795 3524 NetBIOS - ok

19:23:38.0842 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:23:38.0888 3524 NetBT - ok

19:23:38.0935 3524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:38.0951 3524 Netlogon - ok

19:23:39.0013 3524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:23:39.0076 3524 Netman - ok

19:23:39.0107 3524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:23:39.0169 3524 netprofm - ok

19:23:39.0263 3524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:23:39.0294 3524 NetTcpPortSharing - ok

19:23:39.0325 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:23:39.0341 3524 nfrd960 - ok

19:23:39.0403 3524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:23:39.0466 3524 NlaSvc - ok

19:23:39.0544 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:23:39.0606 3524 Npfs - ok

19:23:39.0653 3524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:23:39.0715 3524 nsi - ok

19:23:39.0731 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:23:39.0793 3524 nsiproxy - ok

19:23:40.0433 3524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:23:40.0480 3524 Ntfs - ok

19:23:40.0604 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:23:40.0651 3524 Null - ok

19:23:40.0714 3524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:23:40.0729 3524 nvraid - ok

19:23:40.0760 3524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:23:40.0776 3524 nvstor - ok

19:23:40.0823 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:23:40.0838 3524 nv_agp - ok

19:23:40.0870 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:23:40.0901 3524 ohci1394 - ok

19:23:40.0948 3524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:23:40.0963 3524 p2pimsvc - ok

19:23:41.0026 3524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:23:41.0057 3524 p2psvc - ok

19:23:41.0088 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:23:41.0119 3524 Parport - ok

19:23:41.0166 3524 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

19:23:41.0182 3524 partmgr - ok

19:23:41.0213 3524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:23:41.0244 3524 PcaSvc - ok

19:23:41.0291 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:23:41.0306 3524 pci - ok

19:23:41.0338 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:23:41.0353 3524 pciide - ok

19:23:41.0384 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:23:41.0416 3524 pcmcia - ok

19:23:41.0431 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:23:41.0447 3524 pcw - ok

19:23:41.0478 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:23:41.0540 3524 PEAUTH - ok

19:23:41.0946 3524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:23:41.0962 3524 PerfHost - ok

19:23:42.0102 3524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:23:42.0164 3524 pla - ok

19:23:42.0227 3524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:23:42.0258 3524 PlugPlay - ok

19:23:42.0289 3524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:23:42.0305 3524 PNRPAutoReg - ok

19:23:42.0352 3524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:23:42.0383 3524 PNRPsvc - ok

19:23:42.0445 3524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:23:42.0492 3524 PolicyAgent - ok

19:23:42.0539 3524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:23:42.0586 3524 Power - ok

19:23:42.0664 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:23:42.0710 3524 PptpMiniport - ok

19:23:42.0742 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:23:42.0773 3524 Processor - ok

19:23:42.0835 3524 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

19:23:42.0851 3524 ProfSvc - ok

19:23:42.0898 3524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:42.0929 3524 ProtectedStorage - ok

19:23:42.0976 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:23:43.0022 3524 Psched - ok

19:23:43.0100 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:23:43.0147 3524 ql2300 - ok

19:23:43.0459 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:23:43.0475 3524 ql40xx - ok

19:23:43.0740 3524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:23:43.0771 3524 QWAVE - ok

19:23:43.0787 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:23:43.0818 3524 QWAVEdrv - ok

19:23:43.0834 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:23:43.0896 3524 RasAcd - ok

19:23:43.0943 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:23:43.0990 3524 RasAgileVpn - ok

19:23:44.0114 3524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:23:44.0161 3524 RasAuto - ok

19:23:44.0192 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:23:44.0239 3524 Rasl2tp - ok

19:23:44.0426 3524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:23:44.0473 3524 RasMan - ok

19:23:44.0520 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:23:44.0567 3524 RasPppoe - ok

19:23:44.0582 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:23:44.0629 3524 RasSstp - ok

19:23:44.0926 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:23:44.0988 3524 rdbss - ok

19:23:45.0035 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:23:45.0050 3524 rdpbus - ok

19:23:45.0082 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:23:45.0128 3524 RDPCDD - ok

19:23:45.0160 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:23:45.0206 3524 RDPENCDD - ok

19:23:45.0222 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:23:45.0269 3524 RDPREFMP - ok

19:23:45.0316 3524 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

19:23:45.0347 3524 RDPWD - ok

19:23:45.0394 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:23:45.0425 3524 rdyboost - ok

19:23:45.0456 3524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:23:45.0518 3524 RemoteAccess - ok

19:23:45.0550 3524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:23:45.0596 3524 RemoteRegistry - ok

19:23:45.0643 3524 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys

19:23:45.0659 3524 Revoflt - ok

19:23:45.0706 3524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:23:45.0752 3524 RpcEptMapper - ok

19:23:45.0784 3524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:23:45.0815 3524 RpcLocator - ok

19:23:45.0877 3524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:23:45.0924 3524 RpcSs - ok

19:23:45.0971 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:23:46.0018 3524 rspndr - ok

19:23:46.0096 3524 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys

19:23:46.0127 3524 RSUSBSTOR - ok

19:23:46.0174 3524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:46.0189 3524 SamSs - ok

19:23:46.0220 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:23:46.0236 3524 sbp2port - ok

19:23:46.0267 3524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:23:46.0314 3524 SCardSvr - ok

19:23:46.0361 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:23:46.0408 3524 scfilter - ok

19:23:46.0798 3524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:23:46.0860 3524 Schedule - ok

19:23:46.0907 3524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:23:46.0954 3524 SCPolicySvc - ok

19:23:46.0969 3524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:23:47.0000 3524 SDRSVC - ok

19:23:47.0078 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:23:47.0125 3524 secdrv - ok

19:23:47.0156 3524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:23:47.0203 3524 seclogon - ok

19:23:47.0234 3524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:23:47.0281 3524 SENS - ok

19:23:47.0328 3524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:23:47.0344 3524 SensrSvc - ok

19:23:47.0390 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:23:47.0406 3524 Serenum - ok

19:23:47.0437 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:23:47.0453 3524 Serial - ok

19:23:47.0515 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:23:47.0531 3524 sermouse - ok

19:23:47.0578 3524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:23:47.0624 3524 SessionEnv - ok

19:23:47.0671 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:23:47.0687 3524 sffdisk - ok

19:23:47.0718 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:23:47.0749 3524 sffp_mmc - ok

19:23:47.0780 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:23:47.0796 3524 sffp_sd - ok

19:23:47.0827 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:23:47.0858 3524 sfloppy - ok

19:23:47.0921 3524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:23:47.0968 3524 SharedAccess - ok

19:23:48.0014 3524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:23:48.0077 3524 ShellHWDetection - ok

19:23:48.0092 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:23:48.0108 3524 SiSRaid2 - ok

19:23:48.0155 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:23:48.0170 3524 SiSRaid4 - ok

19:23:48.0217 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:23:48.0264 3524 Smb - ok

19:23:48.0326 3524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:23:48.0342 3524 SNMPTRAP - ok

19:23:48.0389 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:23:48.0404 3524 spldr - ok

19:23:48.0529 3524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:23:48.0592 3524 Spooler - ok

19:23:48.0794 3524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:23:48.0872 3524 sppsvc - ok

19:23:48.0997 3524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:23:49.0044 3524 sppuinotify - ok

19:23:49.0106 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:23:49.0138 3524 srv - ok

19:23:49.0185 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:23:49.0216 3524 srv2 - ok

19:23:49.0247 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:23:49.0278 3524 srvnet - ok

19:23:49.0325 3524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:23:49.0372 3524 SSDPSRV - ok

19:23:49.0403 3524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:23:49.0465 3524 SstpSvc - ok

19:23:49.0497 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:23:49.0512 3524 stexstor - ok

19:23:49.0606 3524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:23:49.0637 3524 stisvc - ok

19:23:49.0668 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:23:49.0684 3524 swenum - ok

19:23:49.0746 3524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:23:49.0824 3524 swprv - ok

19:23:49.0871 3524 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys

19:23:49.0902 3524 SynTP - ok

19:23:50.0043 3524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:23:50.0121 3524 SysMain - ok

19:23:50.0245 3524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:23:50.0292 3524 TabletInputService - ok

19:23:50.0339 3524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:23:50.0401 3524 TapiSrv - ok

19:23:50.0448 3524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:23:50.0511 3524 TBS - ok

19:23:50.0698 3524 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

19:23:50.0745 3524 Tcpip - ok

19:23:50.0932 3524 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

19:23:50.0994 3524 TCPIP6 - ok

19:23:51.0119 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:23:51.0150 3524 tcpipreg - ok

19:23:51.0213 3524 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys

19:23:51.0228 3524 tdcmdpst - ok

19:23:51.0275 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:23:51.0291 3524 TDPIPE - ok

19:23:51.0353 3524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:23:51.0369 3524 TDTCP - ok

19:23:51.0415 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:23:51.0462 3524 tdx - ok

19:23:51.0634 3524 TemproMonitoringService (1b43fdbfe5a98f6b3d90595c6b2e5277) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

19:23:51.0649 3524 TemproMonitoringService - ok

19:23:51.0759 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:23:51.0774 3524 TermDD - ok

19:23:51.0837 3524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:23:51.0899 3524 TermService - ok

19:23:51.0930 3524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:23:51.0961 3524 Themes - ok

19:23:51.0993 3524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:23:52.0039 3524 THREADORDER - ok

19:23:52.0117 3524 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

19:23:52.0133 3524 TMachInfo - ok

19:23:52.0180 3524 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys

19:23:52.0211 3524 tmactmon - ok

19:23:52.0273 3524 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys

19:23:52.0289 3524 tmcomm - ok

19:23:52.0320 3524 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys

19:23:52.0336 3524 tmeevw - ok

19:23:52.0383 3524 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys

19:23:52.0398 3524 tmevtmgr - ok

19:23:52.0429 3524 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys

19:23:52.0445 3524 tmnciesc - ok

19:23:52.0492 3524 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys

19:23:52.0507 3524 tmtdi - ok

19:23:52.0554 3524 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe

19:23:52.0585 3524 TODDSrv - ok

19:23:52.0710 3524 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

19:23:52.0726 3524 TosCoSrv - ok

19:23:52.0788 3524 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

19:23:52.0804 3524 TOSHIBA HDD SSD Alert Service - ok

19:23:52.0851 3524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:23:52.0913 3524 TrkWks - ok

19:23:53.0007 3524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:23:53.0053 3524 TrustedInstaller - ok

19:23:53.0163 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:23:53.0209 3524 tssecsrv - ok

19:23:53.0272 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:23:53.0287 3524 TsUsbFlt - ok

19:23:53.0334 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:23:53.0381 3524 tunnel - ok

19:23:53.0443 3524 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

19:23:53.0459 3524 TVALZ - ok

19:23:53.0490 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:23:53.0506 3524 uagp35 - ok

19:23:53.0958 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:23:54.0005 3524 udfs - ok

19:23:54.0083 3524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:23:54.0114 3524 UI0Detect - ok

19:23:54.0161 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:23:54.0192 3524 uliagpkx - ok

19:23:54.0255 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

19:23:54.0286 3524 umbus - ok

19:23:54.0317 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:23:54.0348 3524 UmPass - ok

19:23:54.0754 3524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:23:54.0816 3524 upnphost - ok

19:23:54.0957 3524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

19:23:54.0988 3524 usbccgp - ok

19:23:55.0035 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:23:55.0050 3524 usbcir - ok

19:23:55.0113 3524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

19:23:55.0128 3524 usbehci - ok

19:23:55.0175 3524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:23:55.0206 3524 usbhub - ok

19:23:55.0253 3524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

19:23:55.0269 3524 usbohci - ok

19:23:55.0315 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:23:55.0347 3524 usbprint - ok

19:23:55.0471 3524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:23:55.0487 3524 USBSTOR - ok

19:23:55.0534 3524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

19:23:55.0549 3524 usbuhci - ok

19:23:55.0752 3524 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

19:23:55.0783 3524 usbvideo - ok

19:23:55.0846 3524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:23:55.0893 3524 UxSms - ok

19:23:55.0986 3524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:23:56.0017 3524 VaultSvc - ok

19:23:56.0064 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:23:56.0095 3524 vdrvroot - ok

19:23:56.0657 3524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:23:56.0704 3524 vds - ok

19:23:56.0766 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:23:56.0782 3524 vga - ok

19:23:56.0860 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:23:56.0907 3524 VgaSave - ok

19:23:57.0172 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:23:57.0187 3524 vhdmp - ok

19:23:57.0234 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:23:57.0250 3524 viaide - ok

19:23:57.0375 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:23:57.0390 3524 volmgr - ok

19:23:57.0609 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:23:57.0624 3524 volmgrx - ok

19:23:57.0827 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:23:57.0858 3524 volsnap - ok

19:23:57.0889 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:23:57.0905 3524 vsmraid - ok

19:23:59.0309 3524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:23:59.0387 3524 VSS - ok

19:24:00.0183 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:24:00.0214 3524 vwifibus - ok

19:24:00.0245 3524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:24:00.0276 3524 vwififlt - ok

19:24:00.0292 3524 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

19:24:00.0323 3524 vwifimp - ok

19:24:00.0697 3524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:24:00.0760 3524 W32Time - ok

19:24:00.0838 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:24:00.0869 3524 WacomPen - ok

19:24:00.0931 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:24:00.0978 3524 WANARP - ok

19:24:00.0994 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:24:01.0041 3524 Wanarpv6 - ok

19:24:01.0212 3524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:24:01.0243 3524 WatAdminSvc - ok

19:24:01.0353 3524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:24:01.0399 3524 wbengine - ok

19:24:02.0304 3524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:24:02.0335 3524 WbioSrvc - ok

19:24:02.0616 3524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:24:02.0647 3524 wcncsvc - ok

19:24:02.0694 3524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:24:02.0725 3524 WcsPlugInService - ok

19:24:02.0819 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:24:02.0835 3524 Wd - ok

19:24:02.0975 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:24:03.0006 3524 Wdf01000 - ok

19:24:03.0131 3524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:24:03.0162 3524 WdiServiceHost - ok

19:24:03.0178 3524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:24:03.0209 3524 WdiSystemHost - ok

19:24:03.0303 3524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:24:03.0334 3524 WebClient - ok

19:24:03.0412 3524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:24:03.0459 3524 Wecsvc - ok

19:24:03.0505 3524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:24:03.0552 3524 wercplsupport - ok

19:24:03.0599 3524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:24:03.0646 3524 WerSvc - ok

19:24:03.0708 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:24:03.0755 3524 WfpLwf - ok

19:24:03.0786 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:24:03.0802 3524 WIMMount - ok

19:24:03.0864 3524 WinDefend - ok

19:24:03.0880 3524 WinHttpAutoProxySvc - ok

19:24:04.0192 3524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:24:04.0239 3524 Winmgmt - ok

19:24:04.0878 3524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:24:04.0956 3524 WinRM - ok

19:24:06.0017 3524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:24:06.0079 3524 Wlansvc - ok

19:24:07.0031 3524 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:24:07.0093 3524 wlidsvc - ok

19:24:07.0920 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:24:07.0951 3524 WmiAcpi - ok

19:24:08.0092 3524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:24:08.0170 3524 wmiApSrv - ok

19:24:08.0232 3524 WMPNetworkSvc - ok

19:24:08.0279 3524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:24:08.0295 3524 WPCSvc - ok

19:24:08.0466 3524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:24:08.0497 3524 WPDBusEnum - ok

19:24:08.0529 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:24:08.0575 3524 ws2ifsl - ok

19:24:08.0716 3524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:24:08.0747 3524 wscsvc - ok

19:24:08.0747 3524 WSearch - ok

19:24:10.0447 3524 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

19:24:10.0510 3524 wuauserv - ok

19:24:11.0243 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:24:11.0290 3524 WudfPf - ok

19:24:11.0321 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:24:11.0368 3524 WUDFRd - ok

19:24:11.0493 3524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:24:11.0539 3524 wudfsvc - ok

19:24:11.0867 3524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:24:11.0914 3524 WwanSvc - ok

19:24:11.0976 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:24:14.0269 3524 \Device\Harddisk0\DR0 - ok

19:24:14.0301 3524 Boot (0x1200) (857adc8aa145ed29b100702fb178b13b) \Device\Harddisk0\DR0\Partition0

19:24:14.0316 3524 \Device\Harddisk0\DR0\Partition0 - ok

19:24:14.0347 3524 Boot (0x1200) (68940da91f4f91d95be816d03b3032c6) \Device\Harddisk0\DR0\Partition1

19:24:14.0347 3524 \Device\Harddisk0\DR0\Partition1 - ok

19:24:14.0363 3524 ============================================================

19:24:14.0363 3524 Scan finished

19:24:14.0363 3524 ============================================================

19:24:14.0379 3480 Detected object count: 0

19:24:14.0379 3480 Actual detected object count: 0

19:35:14.0801 3956 Deinitialize success

Edited June 24, 2012 by Maurice Naggar

Maurice Naggar · June 24, 2012

Hello,

You said

I request a little help with steps 5&6. Please.
In step5 where I am instructed to go Here and click the Download exe button & save the file to ARK folder. When I click on Here a new window opens entitled View Downloads-Windows -Internet Explorer . I don’t see a Download exe button. Three files with a run button, ug8ig8q2.exe, tdsskiller.exe & aswMBR.exe are listed therein in addition to OTL.exe

For step 5, the GMER program is the one with the "randomized" name; it is the one named ug8ig8q2.exe

Locate the program. Hopefully it should be on your Desktop. You should run it.

RIGHT-click the ug8ig8q2.exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

JJMAC · June 28, 2012

Maurice

Running through step5 again I found that the randomized name of the GMER program had changed to qh91ngy0 and was stored in my download folder (the default location for downloads on this computer). Run qh91ngy0.exe as administrator. The GMER window opens. Click Rootkill/malware, unclick registry (all items are unclicked except Services,Files & ADS) then click Scan. The scan took 20 minutes to complete.

When completed a message appeared to say GMER hasn’t found any system modification. There doesn’t appear to be any Gmer log produced to copy & save in the ARC folder.

Is the above a positive result or does it suggest a fault in the test procedure has occurred?. I think that I have followed the test procedure accurately.

Please advise

Maurice Naggar · June 29, 2012

The GMER run is likely ok. To this point things look good.

We can proceed to the OTL report and the Security Check tool.

Step 6

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):

the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

JJMAC · July 1, 2012

Maurice the log files from step6 tests (OTL.txt,Extras.txt and Security check) are much too large for a single post. I reckon that 4 or more separate posts will be required. This is POST1

OTL.txt

(p1)

OTL logfile created on: 6/29/2012 9:54:14 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.09% Memory free

3.74 Gb Paging File | 2.25 Gb Available in Paging File | 60.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.21 Gb Total Space | 82.61 Gb Free Space | 71.09% Space Free | Partition Type: NTFS

Drive D: | 116.28 Gb Total Space | 109.18 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: JOHN-TOSH | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 21:52:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL (3).exe

PRC - [2012/02/27 14:44:18 | 001,304,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

PRC - [2012/02/10 11:28:06 | 000,425,240 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe

PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011/05/16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe

PRC - [2010/03/03 12:47:38 | 004,581,280 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe

PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

PRC - [1996/12/09 00:00:00 | 005,317,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

PRC - [1996/12/09 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

PRC - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

========== Modules (No Company Name) ==========

MOD - [2012/02/27 14:44:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll

MOD - [2012/02/27 14:44:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll

MOD - [2011/05/09 22:08:45 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll

MOD - [1996/12/09 00:00:00 | 005,317,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

MOD - [1996/12/09 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL

MOD - [1996/12/09 00:00:00 | 001,157,904 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\WWINTL32.DLL

MOD - [1996/12/09 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

MOD - [1996/12/09 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

MOD - [1996/12/04 00:00:00 | 000,138,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Proof\MSSP232.DLL

MOD - [1996/12/04 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\SysWOW64\DOCOBJ.DLL

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/29 12:02:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/11 02:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)

SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/12/04 03:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/02 21:45:04 | 000,210,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)

DRV:64bit: - [2011/08/02 21:45:04 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2011/08/02 21:45:04 | 000,067,344 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)

DRV:64bit: - [2011/07/12 12:13:40 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2011/07/12 12:13:30 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2011/07/12 12:13:20 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/04 17:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/01/18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3C0BD74D-01B4-4C98-9CA6-0A6110C0497A}

IE:64bit: - HKLM\..\SearchScopes\{3C0BD74D-01B4-4C98-9CA6-0A6110C0497A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {4D3C6FF1-71E0-43B4-9124-B8B15F7ABD52}

IE - HKLM\..\SearchScopes\{4D3C6FF1-71E0-43B4-9124-B8B15F7ABD52}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com...id=80135&lng=en

IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {70D46D94-BF1E-45ED-B567-48701376298E}

IE - HKCU\..\SearchScopes\{4620AB18-4D95-44EE-817F-728D358E17B9}: "URL" = http://rover.ebay.co...e={searchTerms}

IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://localhost:466...q={searchTerms}

IE - HKCU\..\SearchScopes\{73AF4F8A-1535-4D53-BBFE-50EA6E6440AB}: "URL" = http://uk.search.yah...p={SearchTerms}

IE - HKCU\..\SearchScopes\{AE073DB1-45B8-4428-9E30-A8376DE899B9}: "URL" = http://www.amazon.co...ed&linkCode=ur2

IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80135&lng=en

IE - HKCU\..\SearchScopes\{FEAA3532-8439-43C6-97CD-054C5632F2D4}: "URL" = http://search.condui...&ctid=CT3196716

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/10 13:32:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012/03/15 13:59:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/06/29 11:56:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/06/29 11:56:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\John\AppData\Roaming\IDM\idmmzcc5

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [siteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)

O4 - HKCU..\Run: [MoneyAgent] C:\Program Files (x86)\Microsoft Money\System\Money Express.exe (Microsoft Corporation)

O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()

O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631}: DhcpNameServer = 10.239.24.5

O18:64bit: - Protocol\Handler\inbox - No CLSID value found

JJMAC · July 1, 2012

POST2 (STEP6 RESULTS CONTINUED)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 12:04:40 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/06/29 12:04:39 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/06/29 12:04:39 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/06/29 12:03:33 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/06/29 12:03:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/06/23 13:15:17 | 000,000,000 | ---D | C] -- C:\ARC

[2012/06/21 20:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/06/21 20:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/06/17 13:02:20 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\mbam log

[2012/06/12 14:39:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\iolo

[2012/06/12 14:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/29 21:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/29 21:09:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/29 21:06:20 | 000,741,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/29 21:06:20 | 000,639,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/29 21:06:20 | 000,114,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/29 21:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/29 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2012/06/29 17:22:26 | 000,013,124 | ---- | M] () -- C:\Users\John\Desktop\OTL (2).exe.iltyrrf - Shortcut ().lnk

[2012/06/29 17:21:53 | 000,013,124 | ---- | M] () -- C:\Users\John\Desktop\OTL (1).exe.iltyrrf - Shortcut.lnk

[2012/06/29 17:07:16 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job

[2012/06/29 17:01:23 | 000,002,042 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

[2012/06/29 16:22:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 16:22:06 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 16:14:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/29 16:14:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job

[2012/06/29 16:14:24 | 1506,783,232 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/29 12:02:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/06/29 12:02:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/06/22 15:38:20 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat

[2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/06/02 13:55:21 | 000,000,762 | ---- | M] () -- C:\Users\John\Desktop\moneyextra portfolio - Shortcut (2).lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/29 17:22:26 | 000,013,124 | ---- | C] () -- C:\Users\John\Desktop\OTL (2).exe.iltyrrf - Shortcut ().lnk

[2012/06/29 17:21:53 | 000,013,124 | ---- | C] () -- C:\Users\John\Desktop\OTL (1).exe.iltyrrf - Shortcut.lnk

[2012/06/22 15:25:35 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat

[2012/06/02 13:55:21 | 000,000,762 | ---- | C] () -- C:\Users\John\Desktop\moneyextra portfolio - Shortcut (2).lnk

[2012/05/10 12:25:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/12/03 17:52:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll

[2011/12/03 17:52:43 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll

[2011/12/03 17:52:43 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll

[2011/12/03 17:52:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll

[2011/12/03 17:52:43 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll

[2011/12/03 17:52:42 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll

[2011/12/03 17:52:42 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll

[2011/12/03 17:52:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll

[2011/12/03 17:52:42 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe

[2011/12/03 17:52:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll

[2011/12/03 17:52:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll

[2011/12/03 17:52:41 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll

[2011/12/03 17:52:41 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll

[2011/12/03 17:52:41 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe

[2011/12/03 17:52:41 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll

[2011/12/03 17:52:41 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe

[2011/12/03 17:52:41 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe

[2011/05/09 17:56:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

========== LOP Check ==========

[2012/06/28 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DMCache

[2012/06/29 11:56:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IDM

[2012/06/12 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iolo

[2012/05/23 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Cleaners

[2012/05/23 20:07:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCPro

[2011/05/10 13:24:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Toshiba

[2011/06/06 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Uniblue

[2011/09/11 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer

[2012/06/29 16:14:44 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job

[2012/01/11 14:36:11 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job

[2012/06/29 17:07:16 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job

[2012/06/29 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2011/05/22 18:46:51 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job

[2012/04/04 17:45:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

EXTRAS.TXT

(p15)

OTL Extras logfile created on: 6/29/2012 9:54:14 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.09% Memory free

3.74 Gb Paging File | 2.25 Gb Available in Paging File | 60.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.21 Gb Total Space | 82.61 Gb Free Space | 71.09% Space Free | Partition Type: NTFS

Drive D: | 116.28 Gb Total Space | 109.18 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: JOHN-TOSH | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{076F53EC-998C-466F-AC90-286BD4A337E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{17064CFB-C1A1-45DB-B218-D583BD5340A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{237E4BEA-7DC7-431F-BA10-86A952651051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{241EDC68-1C89-4DD0-A67D-96C6FAA1E5D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{45AF43B4-F860-4EF1-8302-3FB0ECED8C45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{47063998-C868-43E6-B91E-41915922A22F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5C103E45-6C64-4BCE-A87F-84D085FD611E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5CC14CE3-E0FF-4ECD-9F2A-4E9D986186D3}" = lport=138 | protocol=17 | dir=in | app=system |

"{5D815881-9EE5-4E8C-98A1-84954857697F}" = lport=445 | protocol=6 | dir=in | app=system |

"{6A1B0671-0865-4523-A5A6-CCEB6EB6A790}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6DD60571-CF7C-4A1D-A8DD-846D545338DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{756F1ACD-AC59-4B99-B674-BDC6E644D236}" = lport=137 | protocol=17 | dir=in | app=system |

"{7BEC305B-AC84-49BA-B655-8EC5BDEF02FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{83953A2D-6079-4A94-BC5C-DCB511A951DC}" = rport=445 | protocol=6 | dir=out | app=system |

"{93A9A213-5CA2-4C54-8733-1B6BDCD105D8}" = rport=138 | protocol=17 | dir=out | app=system |

"{950CCD33-6D1A-4408-805F-912FB73C4568}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A3CEA036-DFA2-4E43-99B6-0C8538489210}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A617E2C5-8002-4D67-BD37-EF49E08FD569}" = lport=139 | protocol=6 | dir=in | app=system |

"{ABD48222-5433-469D-AEF9-8D891C175084}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CEF55C4D-6B84-412B-8351-296CA67BFBA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D203FE1A-75DD-4A89-AAC6-4B35EB98FC6E}" = rport=137 | protocol=17 | dir=out | app=system |

"{D96D3AD4-5877-40DD-8283-1560FCEB896C}" = rport=10243 | protocol=6 | dir=out | app=system |

"{E872DE32-C683-4C83-B6DA-843AF65ED7CE}" = rport=139 | protocol=6 | dir=out | app=system |

"{EC9273B3-8CEE-4313-B8D6-9D2C3C2215E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FAB6C4A9-6051-4E23-8285-E1DD7BF686EC}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{104F0B0C-45EB-4B01-8125-4556F66D3802}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{22383C5D-F7B7-48A6-8540-DA5A20EB8E68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{38034D3E-34C1-45A4-B8E8-FD9CEB51D858}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{388FAB54-35DA-4FA2-AA50-D4AA0CB1F461}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3BB2D16E-1EF6-436C-B175-DC650CB11612}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3D00036E-8559-4C8F-B03C-9124384706DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4497794D-EA5E-4243-A587-03E2C70364AB}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |

"{526095A6-077C-4E60-BC2B-0BD6FF00C4A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5F3919FD-953C-4298-BAE7-2A86B21A63B8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6CA296A0-B20E-4A21-9422-997FD15482F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{793C7B9F-EC17-41F8-A56D-223E1F6E588E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{90120EB9-D0FC-47AC-95A0-F3EF5D06E33E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9873B612-C130-4F64-9DBC-7E0164BC62E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |

"{98F6466C-13A8-4427-91B6-817D7D990646}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A7F5E441-5CE0-486C-A2F2-8D65B30220C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{BB6DC2AA-8E0E-4017-9F5C-20D00C3F48CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BF90902D-9CBB-440C-BFFA-191421F9C798}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C071CDD6-8DD3-4B65-92BB-C1159C39D4FA}" = protocol=6 | dir=out | app=system |

"{C86E9DB9-1EB2-4280-9B8D-045C6B019C0E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{C90DEFC7-8881-4D0E-9440-BDE47EBBBB97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CADC6694-1BDF-4034-B65A-B1011BF2ACB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{D72586FC-D178-4890-AAA2-D2A60258F0A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{EB4DE7AC-EE6A-4BD4-9D88-754310DAA3E1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{ECE2FCD9-E795-4D47-B24D-B743C20CE390}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F478A558-CC9B-44EE-972F-FDB01198EEC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FB4C1C70-3C28-4D56-ADF7-2ECD7C65AF97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FDD17834-6543-479A-8A3D-FDFDE9B0EF15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java 6 Update 25 (64-bit)

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

CONTINUED IN PART2

PART2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password

"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO

"{

Maurice Naggar · July 1, 2012

Save and close any work documents, close any apps that you started.

The pc appears to have "Spy Hunter" --- it has a poor reputation.

Go to Control Panel, then Programs and Features. Locate entry for SpyHunter. click on it once to highlight. Then do a Right-click on it and select Un-install (remove).

Close the applet after it is done.

NEXT, Do one of the things outlined below, depedning on whether or not you have MalwareBytes' MBAM already installed:

A) IF you already have MBAM:

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the new MBAM scan log into a reply.

OR

B) IF you do NOT have MBAM installed on this pc:

Please download & save Malwarebytes Anti-Malware from

http://www.malwareby...am-download.php

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

ALSO, I did not see the Checkup.txt log from the SecurityCheck tool. I need you to run that tool, and copy and paste Checkup.txt

Also, tell me what this pc possibly has from Iolo ? Have you been using System Mechanic ???

IF this has System Mechanic, I ask you to STOP using it, and tell me IF you have used it.

System Mechanic is known to be over-agressive and to "grunge" some needed & important registry entries.

If you have it and if you have not bought it, I ask that you de-install it; and again, let me know.

Also, what use do you make of Uniblue?

Are you in the habit of using "registry cleaners", "registry optimizers", or any such registry tweaker???

JJMAC · July 2, 2012

Maurice

I have completed all of the tests comprising Step 6. I tried but was unable to send all of the Logs/reports in a single post. I had to divide the data into smaller portions for transmission in separate posts. You have received Post1 & 2. Portion of the extras.txt log and the checkup.txt are outstanding. Yesterday I was unable to send Posts 3 & 4 because there was no submit button displayed. Maybe I am not allowed to send a reply to myself. I will attempt to include the missing data in this message.

Spy Hunter is not listed in Programs and Features and I have never used it. I occasionally google to enquire if such an such a program is malware & SpyHunter might be one such program. If it is on my computer it must be hidden.

Io1o. The name means nothing to me . I have not the slightest idea of what it is.

System Mechanic. I have never used System Mechanic.

Uniblue has been popping up on my desktop for some time seeking permission to go on the internet. I have always refused such permission. I do have a driver genius program which I purchased but I have not used it on this laptop. I don’t know how uniblue got on my hard disk. I have now removed it.

I am not in the habit of using registry cleaners or optimisers.

The following are two NBAM logs, one in May which shows the 2 infected files and the other is a current log. I am also attaching POST 3 which includes all of the

Outstanding test results in step 6.

COPY OF MBAM LOG IN MAY WHEN 2 VIRUSES WERE FOUND AND REMOVED

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.16.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-TOSH [administrator]

16/05/2012 21:16:38

mbam-log-2012-05-16 (21-16-38).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 205665

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\John\Downloads\PCPerformer_GG.exe.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Users\John\Local Settings\Temporary Internet Files\Silverlight.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

COPY OF MBAM SCAN CARRIED OUT ON 2/7/12

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.29.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-TOSH [administrator]

02/07/2012 15:14:06

mbam-log-2012-07-02 (15-14-06).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 216137

Time elapsed: 13 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

POST 3 (STEP6 RESULTS CONTINUED)

[{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications"

Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree

"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup

"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals

"{9168d95f-e754-422e-acde-f2b098122816}" = Nero 9 Essentials

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure

"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook

"Excel" = Microsoft Excel 97

"Google Desktop" = Google Desktop

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher

"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MSMONEYV50" = Microsoft Money 5.0

"TOSHIBA Game Console" = WildTangent ORB Game Console

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"WiseConvert Toolbar" = WiseConvert Toolbar

"Word8.0" = Microsoft Word 97

"WT083877" = Chuzzle Deluxe

"WT083890" = Zuma Deluxe

"WT083910" = Jewel Quest II

"WT083916" = Diner Dash 2 Restaurant Rescue

"WT083925" = Plants vs. Zombies

"WT083929" = Bejeweled 2 Deluxe

"WT083945" = FATE

"WT083958" = Penguins!

"WT083959" = Polar Bowler

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/22/2012 2:21:10 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x063e0260 Faulting

process id: 0x6bc Faulting application start time: 0x01cd50a2ffe69f92 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 09fad75d-bc97-11e1-ba0d-00266c7bf904

Error - 6/23/2012 7:03:32 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x063d0260 Faulting

process id: 0xa84 Faulting application start time: 0x01cd512c687ebb3e Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 1188f940-bd23-11e1-b0fa-00266c7bf904

Error - 6/23/2012 8:06:54 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x071a0260 Faulting

process id: 0x618 Faulting application start time: 0x01cd51384bd147d2 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: eba528c1-bd2b-11e1-b0fa-00266c7bf904

Error - 6/23/2012 8:57:22 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00033792 Faulting

process id: 0xf84 Faulting application start time: 0x01cd5138c795f0cc Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\ntdll.dll Report Id: f8bd131a-bd32-11e1-b0fa-00266c7bf904

Error - 6/23/2012 9:02:25 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x073c0260 Faulting

process id: 0x1428 Faulting application start time: 0x01cd513fc135f5cf Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: acf44d93-bd33-11e1-b0fa-00266c7bf904

Error - 6/23/2012 9:32:31 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x03b10260 Faulting

process id: 0x13e8 Faulting application start time: 0x01cd51449ee3718d Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: e184b9df-bd37-11e1-b0fa-00266c7bf904

Error - 6/23/2012 9:51:29 AM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x06600260 Faulting

process id: 0x75c Faulting application start time: 0x01cd51450cbf93d2 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 883cf5fd-bd3a-11e1-b0fa-00266c7bf904

Error - 6/23/2012 2:26:46 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x05d60260 Faulting

process id: 0x808 Faulting application start time: 0x01cd516dbd68ae4d Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: fcea2843-bd60-11e1-b0fa-00266c7bf904

Error - 6/23/2012 2:42:18 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x04e10260 Faulting

process id: 0xa60 Faulting application start time: 0x01cd516fe4264b36 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 286ce719-bd63-11e1-b0fa-00266c7bf904

Error - 6/23/2012 5:34:31 PM | Computer Name = John-TOSH | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,

time stamp: 0x4fb57c8f Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x05e60260 Faulting

process id: 0x1448 Faulting application start time: 0x01cd5187e0b53913 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

Inbox.dll Report Id: 37900b5e-bd7b-11e1-b0fa-00266c7bf904

[ Media Center Events ]

Error - 5/31/2011 3:31:41 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 20:28:49 - Error connecting to the internet. 20:28:49 - Unable

to contact server..

Error - 6/21/2011 7:09:00 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 00:09:00 - Error connecting to the internet. 00:09:00 - Unable

to contact server..

Error - 6/21/2011 7:09:11 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 00:09:05 - Error connecting to the internet. 00:09:05 - Unable

to contact server..

Error - 6/26/2011 7:34:31 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 12:34:26 - Error connecting to the internet. 12:34:26 - Unable

to contact server..

Error - 6/26/2011 8:34:44 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 13:34:41 - Error connecting to the internet. 13:34:41 - Unable

to contact server..

Error - 6/26/2011 9:34:57 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 14:34:51 - Error connecting to the internet. 14:34:51 - Unable

to contact server..

Error - 6/26/2011 10:35:05 AM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 15:35:03 - Error connecting to the internet. 15:35:03 - Unable

to contact server..

Error - 12/6/2011 5:19:14 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 21:19:14 - Error connecting to the internet. 21:19:14 - Unable

to contact server..

Error - 12/6/2011 5:19:24 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 21:19:19 - Error connecting to the internet. 21:19:19 - Unable

to contact server..

Error - 2/11/2012 2:42:26 PM | Computer Name = John-TOSH | Source = MCUpdate | ID = 0

Description = 18:42:20 - Error connecting to the internet. 18:42:20 - Unable

to contact server..

[ System Events ]

Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = DCOM | ID = 10005

Description =

Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Modules Installer service to connect.

Error - 2/25/2012 2:11:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7000

Description = The Windows Modules Installer service failed to start due to the following

error: %%1053

Error - 3/15/2012 9:00:47 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 3/15/2012 9:44:28 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 3/15/2012 9:44:29 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 3/15/2012 9:44:30 AM | Computer Name = John-TOSH | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 3/15/2012 5:11:24 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 3/16/2012 12:33:57 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Wlansvc service.

Error - 3/16/2012 6:21:01 PM | Computer Name = John-TOSH | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Wlansvc service.

< End of report > END OF EXTRAS FILE

SECURITY CHECK

Screen317 (p41)

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

JavaFX 2.1.0

Java 7 Update 4

Out of date Java installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Toshiba TOSHIBA Online Product Information TOPI.exe

Trend Micro AMSP coreServiceShell.exe

Trend Micro UniClient UiFrmWrk uiWatchDog.exe

Trend Micro AMSP coreFrameworkHost.exe

Trend Micro UniClient UiFrmWrk uiSeAgnt.exe

Trend Micro Titanium UIFramework uiWinMgr.exe

``````````End of Log````````````

There appear to be an awful lot of faults/errors recorded in Extras.txt. The most common fault that I am aware of occurs when I exit from a web site I get an error message to say that Internet Explorer had stopped working. Not too bad when it happens at the end of a session but sometimes it happens in the middle of a session.

The above logs refer only to my Laptop.

My desktop computer was more severely infected. Following your advice I notified about a dozen financial institutions (including two banks with whom I have internet accounts) that I could be at risk of identity theft and asked them to put a watch on my account and to notify me of any suspicious activity taking place.

Most have provided me with a special password which would have to be quoted before they would process any transactions. There was a period of about 10 days between the first symptoms of the virus and its removal by malwarebytes following which I continued using the computer for a further 3 to4 weeks before I closed it down (stopped connecting to the internet). There was therefore a period of 5 to 6 weeks during which a hacker could have access to my private data. I have so far not received any report of suspicious activity from any quarter. I know that, if private data has been stolen, it could be used at any future date ,perhaps in a years time. Nevertheless I would expect a hacker to attempt to use the data sooner rather than later.

I fully intended to reformat the hard disk, reinstall Windows Vista and all the programs and for peace of mind I will probably do that although it is a task I don’t relish. If the risk could be classified as unlikely or better still highly unlikely I would be prepared to take that risk.

I would appreciate your advice on the following.

If repeated on my Desktop, would the test programs which I have carried out on my Laptop (the 6 steps) give an indication of whether a Trojan had left an open back door.
If these tests would be worthwhile, could the program files be downloaded on my laptop, saved to a USB memory stick, and transferred and run/loaded on my desktop.? I would not like to risk connecting my desktop to the internet while installing and running these programs.

Thanks for your help. It is much appreciated.

JJMAC

Maurice Naggar · July 3, 2012

The last MBAM run was very good: nothing detected. I do not see (to this point) a need to reformat & re-install this system. Let us proceed with a couple of tests and see those results.

As to your other system, yes you could copy the tools and run on the "other system" ....but you'd be better off creating a New (separate) help topic in this forum.

As regards, your Internet Explorer browser on this system, it appears it is a bit quirky on closure --- maybe you do not clear your temp files regularly, or you may have a few un-needed "toolbars".

For this system, continue with these steps:

Step 1

Close any programs you opened.

Download TFC by OldTimer and SAVE it to your desktop

Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Start NOTEPAD (Windows-key press and type in NOTEPAD & press Enter. Click Format on the menu, and make sure "Word Wrap" is OFF (without a checkmark).

IF & only if it has a checkmark, click it once to un-do. Now Close notepad.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member JJMAC only. If you are a casual viewer, do NOT try this on your system!

If you are not JJMAC and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now :excl:

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Re-enable your antivirus program.

JJMAC · July 6, 2012

When I clicked on the link to download the TFC by oldtimer program I received the following warning: Dangerous Page.

http://oldtimer.geekstogo/Tec.exe Trend Micro (my antivirus program) has confirmed that this web site can transmit malicious software or has been involved in online scams or fraud. A button is preovided which I could click to open the blocked page despite the risk. I was on the point of clicking the button when I began to wonder if it could be possible that someone was masquerading as your goodself and that I should not proceed until I had your assurance that it was safe to do so..

Please may I have that assurance.

Thank you.

Maurice Naggar · July 6, 2012

I assure you that geekstogo is safe. Your antivirus is over-protective. Turn it off temporarily. then download and run TFC

This is the link http://oldtimer.geekstogo.com/TFC.exe

Please follow my current & prior guidance. And proceed forward.

Maurice Naggar · July 9, 2012

Hello JJMAC,

Please advise if you are still with me, needing help.

JJMAC · July 9, 2012

Of course I am still with you. I very much value your help. I hope to run the TFC & Combofix tools tomorrow and you should receive the results shortly..

Computer technology is not a science that I have much knowledge of and , therefore, I try to be very careful to follow instructions correctly. I get the impression that if things go wrong during these tests,say I don't get the expected response to a particular step, I might not be able to recover from that situation. Hopefully no such problems will, arise but it will take me a little longer to carry out the tests.

Many thanks for your continuing help,

JJMAC

Maurice Naggar · July 10, 2012

We always keep in mind the use of procedures that will not harm the system. Take your time, but a) be sure to let us know if you will be out for an extended period and b) NOT use the system to do any websurfing, no online games, no shopping, no online banking. But also, it is important to get moving on the problem lest it gets worse.

JJMAC · July 10, 2012

Maurice

I have run the TFC and the Combofix programs and append below the Combofix.txt log. The test procedure ran smoothly.

After I re-enabled my antivirus program I got a Trend Micro message to say that affected file C:/users/john/desktop/TFC.exe, threat TROJ_Hidefil. BMC had been deleted for your protection. You do not need to do anything else so feel free to close this message.

I presume that Trend Micro has come up with a false positive result and I am quite content to ignore it.

You previously informed me that I could run the tests previously carried out on my laptop (the 6 steps) on my other system (my desktop) by copying the tools which had been downloaded on my laptop to my other system. Could I also copy over TFC.exe and Combo-Fix.exe. Does the first paragraph of step3 imply that there may be a restriction on running Combo-fix on more than one computer?

These additional tests would not be worth running unless as a result it could be concluded that instead of there might have been a trojan backdoor left to the probability would be unlikely that a back door had been left.

If I decide to run these additional tests on my desktop I will open a new

Help topic. Would they be worth running? Please advise.

COMBOFIX .TXT LOG

ComboFix 12-07-10.01 - John 10/07/2012 14:50:12.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1248 [GMT 1:00]

Running from: c:\users\John\Desktop\ComboFix.exe

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\rnaph.dll

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

2012-07-10 13:58 . 2012-07-10 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-06 16:27 . 2012-07-06 16:27 -------- d-----w- c:\program files (x86)\Oracle

2012-06-29 21:50 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 21:50 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-29 13:28 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-29 13:28 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-29 13:28 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-29 13:28 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-29 13:28 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-29 13:28 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-29 13:28 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-29 13:27 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-29 13:27 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-29 13:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-29 13:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-29 13:24 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-29 13:24 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-29 13:24 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-29 13:24 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-29 13:24 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-29 13:24 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-29 11:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-29 11:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-29 11:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-29 11:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-29 11:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-29 11:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-29 11:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-29 11:03 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-29 11:03 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 12:15 . 2012-06-23 12:15 -------- d-----w- C:\ARC

2012-06-21 19:29 . 2012-06-26 21:16 -------- d-----w- c:\program files (x86)\ERUNT

2012-06-12 13:39 . 2012-06-12 13:39 -------- d-----w- c:\users\John\AppData\Roaming\iolo

2012-06-12 13:39 . 2012-06-12 13:39 -------- d-----w- c:\programdata\iolo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-29 11:02 . 2012-05-09 21:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-29 11:02 . 2011-06-11 14:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-24 10:18 . 2012-05-23 19:06 4101392 ----a-w- c:\windows\uninst.exe

2012-05-12 20:40 . 2012-05-12 20:40 16384 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe

2012-05-10 11:25 . 2012-05-10 11:25 56 ----a-w- c:\windows\system32\SupportTool.exe.bat

2012-05-04 18:29 . 2012-05-12 14:08 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-04 18:29 . 2012-05-12 14:08 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]

2012-02-20 03:34 342232 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert\prxtbWise.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 257224]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-05-09 30192]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1255736]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]

S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2011-08-02 67344]

S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2011-08-02 210704]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 11:02]

.

2012-01-11 c:\windows\Tasks\FileCure Default.job

- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]

.

2012-07-10 c:\windows\Tasks\FileCure Startup.job

- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 14:25]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 14:25]

.

2012-07-08 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2011-05-22 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80135&lng=en

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

AddRemove-Excel - g:\office\Setup\AcmeXl.exe

AddRemove-Lexmark Z500-Z600 Series - c:\program files (x86) (x86)\Lexmark Z500-Z600 Series\Install\x64\Uninst.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-276842375-2578982421-1398554826-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):44,6a,da,36,b1,79,8e,80,95,9a,4e,c3,0e,d9,26,45,64,eb,f4,c0,01,

01,92,81,d1,c0,02,18,94,4f,60,2b,ea,47,f1,b3,90,b5,58,b5,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-276842375-2578982421-1398554826-1001_Classes\Wow6432Node\CLSID\{a4ff78c5-ad40-42e2-90b2-70a0a8a854a8}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000a0

"Therad"=dword:0000001f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,9c,f5,cb,2c,af,d6,12,76,f2,19,3f,57,1d,c6,30,3f,ca,17,f5,bc,41,f8,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

.

**************************************************************************

.

Completion time: 2012-07-10 15:36:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-10 14:36

.

Pre-Run: 92,228,927,488 bytes free

Post-Run: 91,461,296,128 bytes free

.

- - End Of File - - 30C7F2A4245EB89D80AF20CD9BC1A9BD

Maurice Naggar · July 11, 2012

Q:

Could I also copy over TFC.exe and Combo-Fix.exe. Does the first paragraph of step3 imply that there may be a restriction on running Combo-fix on more than one computer?
These additional tests would not be worth running unless as a result it could be concluded that instead of there might have been a trojan backdoor left to the probability would be unlikely that a back door had been left.
If I decide to run these additional tests on my desktop I will open a new
Help topic. Would they be worth running? Please advise.

A: If you have a different pc with a problem, then follow the forum procedure to open a New help topic:

See http://www.malwareby...?showtopic=9573

More precisely, given a system has suspected malware: NO do not run TFC nor Combofix on your own !

Unsupervised use of Combofix can turn your system un-bootable.

Using TFC on an infected system "might" cause you to loose program links if infected by something like Zeroaccess of fake HDD malwares.

Maurice Naggar · July 11, 2012

ADVISORY:

I re-noticed that your system has Iolo System Mechanic.

Using IOLO System Mechanic will wind up causing you heartache and failed Windows Update installs.

I suggest you un-install it if you did not buy it !

If you bought it, ask Iolo for a refund or a permanent fix to their product.

I urge you to stop using it, as well as, any other "registry cleaner" or registry-wizard or whatever.

I have been "working the salt mines" on the Windows Update MS Answers sub-forum and have had many, many cases where System Mechanic horked (messed up/deleted) legitimate registry entries. Just a few links on this subject you can review: http://answers.micro...0a-ae54a09b71b5 http://answers.micro...ab-97429f916180

http://forums.malwar...howtopic=110333

http://forums.malwar...howtopic=110474

Many many more you can find on Google: http://www.google.co...ved=0CBcQpwUoBA

The thing is you can do your own maintenance for free, without System Mechanic. And you do not need any "registry cleaner" or "registry tweaker". Read this short article: ---> Here is Ed Bott's take on registry cleaners http://www.edbott.com/weblog/?p=643

You can use cleanmgr built inside Windows to clean temporary files. Windows-start >>Cleanmgr

You can use the Windows built in Defrag utility from time to time.

Edited July 11, 2012 by Maurice Naggar

Maurice Naggar · July 11, 2012

The run of Combofix on this system shows the removal of only 2 minor items. Now then, let's have you do an online scan at ESET.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log AND tell me, How is the system now ? :excl:

Maurice Naggar · July 16, 2012

Hello JJMAC,

Kindly advise me as to how you are doing.

JJMAC · July 17, 2012

Maurice I can’t find System Mechanic on my laptop. It is not shown in Program and Features and a search of my laptop reports file not found. It is not a program that I bought and am currently using. The only programs that I bought during the past ten years were XPPro, PC Tune-up and a program that scans the computer to locate and update any out of date drivers found. I have mislaid the installation disk of the latter program. I think it was called driver genius. I purchased this laptop on 11/11/2010.

If you can advise me where System Mechanic is located on my laptop I will do my best to locate and delete it.

The following is the Eset Scan Log. This laptop continues to run very smoothly. The only problem of note is IE explorer stops working every time you log off.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=00a9739ceb3bb64980c85e3350b3d149

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-17 08:31:40

# local_time=2012-07-17 09:31:40 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 5905196 5905196 0 0

# compatibility_mode=5893 16776574 100 94 34156874 95019349 0 0

# compatibility_mode=8192 67108863 100 0 170 170 0 0

# scanned=137020

# found=0

# cleaned=0

# scan_time=2800

Thanks again for your help.

My Desktop computer was infected by malware now my laptop is also infected

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information