Malwarebytes

Adware.GamePlayLabs changed into Trojan.Dropper.PE4

42 replies to this topic

#1
ChrisOfTheOT

    New Member

  • Members
  • 26 posts
MSE stopped updating and MWB revealed the GamePlayLabs infection. I followed a post here (http://forums.malwar...howtopic=109245) but then got Trojan.Dropper. MSE still will not update.

DDS scans attached and a full MWB scan from yesterday (with a TDS Killer & ComboFix from a couple of days ago). MSE was disabled by me for some scans but is running, outdated, now.

I'm stuck - please help! Many thanks,

Chris

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Chris Burson at 10:03:31 on 2012-06-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1650 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
D:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\brss01a.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\ehome\ehRec.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\Microsoft Office\Office10 Tools\Office10\msoffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk
uDefault_Page_URL = hxxp://www.google.co.uk
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "d:\program files\protector suite ql\launcher.exe" /startup
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [UpdatePDRShortCut] "d:\program files\powerdirector\powerdirector\muitransfer\muistartmenu.exe" "d:\program files\powerdirector\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10 tools\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - d:\program files\microsoft money\system\mnyviewer.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{61B9B49E-D410-4CED-9CEE-91A6F6181FE0} : DhcpNameServer = 192.168.1.254
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - d:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - d:\program files\libronix dls\system\ResProt.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-3 21504]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2011-1-10 44784]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 smscir;SMSCIR Infrared Receiver;c:\windows\system32\drivers\smscir.sys [2007-12-5 62752]
R3 ttv500x;TOSHIBA PCI TV Tuner(x86);c:\windows\system32\drivers\ttv500x.sys [2007-12-5 322816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-2-8 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-2-8 11088]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-22 11:42:32 -------- d-----w- C:\Windows Home Server Drivers for Restore
2012-06-22 11:29:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:28:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 11:28:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 11:28:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 11:27:30 -------- d-----w- c:\program files\Oracle
2012-06-22 11:24:37 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-22 10:43:22 -------- d-----w- c:\users\chris burson\appdata\local\temp
2012-06-22 10:37:55 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-22 10:27:11 98816 ----a-w- c:\windows\sed.exe
2012-06-22 10:27:11 518144 ----a-w- c:\windows\SWREG.exe
2012-06-22 10:27:11 256000 ----a-w- c:\windows\PEV.exe
2012-06-22 10:27:11 208896 ----a-w- c:\windows\MBR.exe
2012-06-22 10:27:06 -------- d-----w- C:\ComboFix
2012-06-21 16:24:39 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2dc12d9e-779d-4fdd-a361-868f10215db0}\mpengine.dll
2012-06-18 07:39:44 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-14 08:02:35 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 08:02:35 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 08:02:35 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 08:02:15 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 08:02:15 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:36:45 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a5d70a1e-70e5-462a-be7d-a2244b612401}\gapaengine.dll
2012-06-13 09:38:21 -------- d-----w- c:\program files\PDFCreator
2012-06-12 11:22:17 -------- d-----w- c:\users\chris burson\appdata\roaming\Kodak
.
==================== Find3M ====================
.
2012-06-22 09:28:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 09:28:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-04 18:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 10:03:51.58 ===============

ComboFix 12-06-21.03 - Chris Burson 22/06/2012 11:30:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1800 [GMT 1:00]
Running from: c:\users\Chris Burson\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris Burson\AppData\Local\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af}
c:\users\Chris Burson\AppData\Local\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af}\@
c:\users\Chris Burson\AppData\Local\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af}\n
c:\users\Chris Burson\GoToAssistDownloadHelper.exe
c:\windows\Installer\{e6985f33-9c31-0bf7-fd93-e0d3aa7e38af}
c:\windows\jestertb.dll
c:\windows\security\Database\tmp.edb
c:\windows\system32\spool\prtprocs\w32x86\BRPPROC.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 10:35 . 2012-06-22 10:35 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2012-06-22 10:35 . 2012-06-22 10:35 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-22 09:39 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 16:24 . 2012-05-08 16:40 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC12D9E-779D-4FDD-A361-868F10215DB0}\mpengine.dll
2012-06-18 07:39 . 2012-05-08 16:40 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 08:02 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 08:02 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 08:02 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 08:02 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 08:02 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 11:36 . 2012-02-13 08:55 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5D70A1E-70E5-462A-BE7D-A2244B612401}\gapaengine.dll
2012-06-13 09:38 . 2012-06-13 09:38 -------- d-----w- c:\program files\PDFCreator
2012-06-12 11:22 . 2012-06-12 11:22 -------- d-----w- c:\users\Chris Burson\AppData\Roaming\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 09:28 . 2012-04-10 13:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 09:28 . 2011-06-03 08:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 08:16 . 2012-05-12 08:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 08:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-12 08:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-12 08:11 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-28 08:02 . 2012-03-28 08:02 82104 ----a-w- c:\windows\system32\NicInE6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 11:22 3186440 ----a-w- d:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 11:22 3186440 ----a-w- d:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-11 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-02 833072]
"PSQLLauncher"="d:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"UpdatePDRShortCut"="d:\program files\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"Skytel"="Skytel.exe" [2007-04-04 1822720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-01 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-01 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2008-7-23 427336]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10 Tools\Office10\OSA.EXE [2010-6-25 83360]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-11-5 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 11:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3469518139-1120787449-2283880736-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000003
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:36]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\psqlpwd.dll
d:\program files\Protector Suite QL\homefus2.dll
d:\program files\Protector Suite QL\infql2.dll
.
- - - - - - - > 'Explorer.exe'(3408)
d:\program files\Protector Suite QL\farchns.dll
d:\program files\Protector Suite QL\infql2.dll
d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
d:\program files\Nokia\Nokia PC Suite 7\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
d:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Home Server\esClient.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Home Server\WHSConnector.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-06-22 11:43:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 10:43
.
Pre-Run: 54,777,167,872 bytes free
Post-Run: 55,524,954,112 bytes free
.
- - End Of File - - 65A0CA5B0099087C5E2440B2C0C2A194

Edited by Maurice Naggar, 26 June 2012 - 06:13 AM.


#2
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,227 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Hello Chris,

Do not run tools on your own. Do not use other members' threads as a template to go by. Please only follow my guidance.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Show all files:
  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

  • Close any/all open internet browsers. Save any open documents you have open & close programs you started.

  • Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon

    On Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon

  • Once the Help file opens, click on a Chameleon button (starting with #1)
  • If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.


  • You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.6 at the top
  • Press any key to continue as it says in the window {space-bar will do}

  • If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).

  • Have infinite patience during this process

  • Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  • Once the update completes and it says your database is updated, click on OK button so that process can continue

  • Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.

  • After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan

  • A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.

  • Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  • If prompted to restart your computer to complete the removal process, click Yes

  • If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.

  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
Reply with copy of the MBAM scan log for review.
~Maurice Naggar

I close my threads if there are 5 days without a response.

#3
ChrisOfTheOT

Hi Maurice - many, many thanks for your help. Both MWB logs attached (before and after), though neither showed any infection.

Thanks again Maurice,

Chris


#4
Maurice Naggar

The two MBAM logs show nothing detected, which is good.
Step 1
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.


Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Step 2
Please read carefully and follow these steps.
  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.

  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.

  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 3
Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)
Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 4

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar

I close my threads if there are 5 days without a response.

#5
ChrisOfTheOT

Hi Maurice - aswMBR attached. The 'Fix' button was greyed-out and not available. (I assume 'a-v scan to None' was the option to install the anti-virus program, which I declined.)

TDSKiller next...

Thanks again,

Chris

#6
ChrisOfTheOT

TDSKiller attached. Nothing I could see but five 'medium' risk files showed. I went with the suggested option of 'Skip' - I've no idea if that's good or bad!

On to Step 3...

Thanks again,

Chris

#7
ChrisOfTheOT

Just seen the no attachments rule, sorry:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-26 16:06:32
-----------------------------
16:06:32.281 OS Version: Windows 6.0.6002 Service Pack 2
16:06:32.281 Number of processors: 2 586 0xF0B
16:06:32.281 ComputerName: QOSMIO_G40 UserName:
16:06:33.061 Initialize success
16:07:57.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:07:57.635 Disk 0 Vendor: FUJITSU_ 0040 Size: 238475MB BusType: 3
16:07:57.651 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
16:07:57.651 Disk 1 Vendor: TOSHIBA_ LB01 Size: 238475MB BusType: 3
16:07:57.667 Disk 0 MBR read successfully
16:07:57.667 Disk 0 MBR scan
16:07:57.667 Disk 0 Windows VISTA default MBR code
16:07:57.682 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
16:07:57.698 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51200 MB offset 209717248
16:07:57.713 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 84873 MB offset 314574848
16:07:57.729 Disk 0 scanning sectors +488394752
16:07:57.776 Disk 0 scanning C:\Windows\system32\drivers
16:08:05.155 Service scanning
16:08:24.265 Modules scanning
16:08:31.893 Scan finished successfully
16:08:53.702 Disk 0 MBR has been saved successfully to "C:\Users\Chris Burson\Desktop\MBR.dat"
16:08:53.702 The log file has been saved successfully to "C:\Users\Chris Burson\Desktop\aswMBR.txt"

#8
ChrisOfTheOT

TDSKiller:
6:14:27.0181 5668 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
16:14:27.0337 5668 ============================================================
16:14:27.0337 5668 Current date / time: 2012/06/26 16:14:27.0337
16:14:27.0337 5668 SystemInfo:
16:14:27.0337 5668
16:14:27.0337 5668 OS Version: 6.0.6002 ServicePack: 2.0
16:14:27.0337 5668 Product type: Workstation
16:14:27.0337 5668 ComputerName: QOSMIO_G40
16:14:27.0337 5668 UserName: Chris Burson
16:14:27.0337 5668 Windows directory: C:\Windows
16:14:27.0337 5668 System windows directory: C:\Windows
16:14:27.0337 5668 Processor architecture: Intel x86
16:14:27.0337 5668 Number of processors: 2
16:14:27.0337 5668 Page size: 0x1000
16:14:27.0337 5668 Boot type: Normal boot
16:14:27.0337 5668 ============================================================
16:14:27.0774 5668 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:14:27.0789 5668 ============================================================
16:14:27.0789 5668 \Device\Harddisk0\DR0:
16:14:27.0789 5668 MBR partitions:
16:14:27.0789 5668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
16:14:27.0789 5668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x6400000
16:14:27.0789 5668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C00800, BlocksNum 0xA5C4800
16:14:27.0789 5668 ============================================================
16:14:27.0836 5668 C: <-> \Device\Harddisk0\DR0\Partition0
16:14:27.0867 5668 D: <-> \Device\Harddisk0\DR0\Partition1
16:14:27.0914 5668 E: <-> \Device\Harddisk0\DR0\Partition2
16:14:27.0914 5668 ============================================================
16:14:27.0914 5668 Initialize success
16:14:27.0914 5668 ============================================================
16:14:55.0323 4728 ============================================================
16:14:55.0323 4728 Scan started
16:14:55.0323 4728 Mode: Manual; SigCheck; TDLFS;
16:14:55.0323 4728 ============================================================
16:14:55.0760 4728 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:14:55.0854 4728 ACPI - ok
16:14:56.0010 4728 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:14:56.0025 4728 AdobeARMservice - ok
16:14:56.0072 4728 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:14:56.0088 4728 adp94xx - ok
16:14:56.0135 4728 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:14:56.0150 4728 adpahci - ok
16:14:56.0166 4728 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:14:56.0181 4728 adpu160m - ok
16:14:56.0197 4728 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:14:56.0213 4728 adpu320 - ok
16:14:56.0228 4728 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:14:56.0353 4728 AeLookupSvc - ok
16:14:56.0431 4728 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:14:56.0447 4728 AFD - ok
16:14:56.0478 4728 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
16:14:56.0525 4728 AgereModemAudio - ok
16:14:56.0634 4728 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
16:14:56.0681 4728 AgereSoftModem - ok
16:14:56.0712 4728 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:14:56.0727 4728 agp440 - ok
16:14:56.0743 4728 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:14:56.0743 4728 aic78xx - ok
16:14:56.0790 4728 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:14:56.0915 4728 ALG - ok
16:14:56.0930 4728 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:14:56.0930 4728 aliide - ok
16:14:56.0946 4728 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:14:56.0961 4728 amdagp - ok
16:14:56.0977 4728 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:14:56.0977 4728 amdide - ok
16:14:57.0008 4728 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:14:57.0164 4728 AmdK7 - ok
16:14:57.0180 4728 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:14:57.0242 4728 AmdK8 - ok
16:14:57.0273 4728 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:14:57.0305 4728 Appinfo - ok
16:14:57.0351 4728 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:14:57.0367 4728 arc - ok
16:14:57.0398 4728 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:14:57.0398 4728 arcsas - ok
16:14:57.0523 4728 arXfrSvc (0ef69443881cde7d8354408f05cf23df) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
16:14:57.0539 4728 arXfrSvc - ok
16:14:57.0570 4728 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:14:57.0617 4728 AsyncMac - ok
16:14:57.0648 4728 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:14:57.0663 4728 atapi - ok
16:14:57.0710 4728 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:14:57.0741 4728 AudioEndpointBuilder - ok
16:14:57.0741 4728 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:14:57.0773 4728 Audiosrv - ok
16:14:57.0835 4728 BackupReader (3163aa026fe36bad874250ae93187f9d) C:\Windows\system32\DRIVERS\BackupReader.sys
16:14:57.0835 4728 BackupReader - ok
16:14:57.0882 4728 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:14:57.0929 4728 Beep - ok
16:14:57.0960 4728 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:14:57.0991 4728 BFE - ok
16:14:58.0053 4728 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
16:14:58.0147 4728 BITS - ok
16:14:58.0147 4728 blbdrive - ok
16:14:58.0194 4728 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:14:58.0225 4728 bowser - ok
16:14:58.0241 4728 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:14:58.0272 4728 BrFiltLo - ok
16:14:58.0303 4728 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:14:58.0334 4728 BrFiltUp - ok
16:14:58.0365 4728 Brother XP spl Service (c711ed965009bdcff9aa62ceb6ff1aad) C:\Windows\system32\brsvc01a.exe
16:14:58.0381 4728 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
16:14:58.0381 4728 Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
16:14:58.0428 4728 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:14:58.0459 4728 Browser - ok
16:14:58.0490 4728 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:14:58.0553 4728 Brserid - ok
16:14:58.0568 4728 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:14:58.0631 4728 BrSerWdm - ok
16:14:58.0646 4728 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:14:58.0709 4728 BrUsbMdm - ok
16:14:58.0740 4728 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:14:58.0771 4728 BrUsbSer - ok
16:14:58.0787 4728 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:14:58.0849 4728 BTHMODEM - ok
16:14:58.0989 4728 catchme - ok
16:14:59.0021 4728 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:14:59.0052 4728 cdfs - ok
16:14:59.0099 4728 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:14:59.0114 4728 cdrom - ok
16:14:59.0145 4728 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:14:59.0192 4728 CertPropSvc - ok
16:14:59.0270 4728 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
16:14:59.0301 4728 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
16:14:59.0301 4728 CFSvcs - detected UnsignedFile.Multi.Generic (1)
16:14:59.0333 4728 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
16:14:59.0364 4728 circlass - ok
16:14:59.0426 4728 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:14:59.0442 4728 CLFS - ok
16:14:59.0520 4728 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:14:59.0520 4728 clr_optimization_v2.0.50727_32 - ok
16:14:59.0613 4728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:14:59.0629 4728 clr_optimization_v4.0.30319_32 - ok
16:14:59.0645 4728 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:14:59.0691 4728 CmBatt - ok
16:14:59.0723 4728 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:14:59.0723 4728 cmdide - ok
16:14:59.0738 4728 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:14:59.0754 4728 Compbatt - ok
16:14:59.0754 4728 COMSysApp - ok
16:14:59.0769 4728 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:14:59.0769 4728 crcdisk - ok
16:14:59.0801 4728 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:14:59.0847 4728 Crusoe - ok
16:14:59.0894 4728 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
16:14:59.0941 4728 CryptSvc - ok
16:15:00.0019 4728 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:15:00.0050 4728 DcomLaunch - ok
16:15:00.0113 4728 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:15:00.0159 4728 DfsC - ok
16:15:00.0284 4728 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:15:00.0393 4728 DFSR - ok
16:15:00.0518 4728 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:15:00.0549 4728 Dhcp - ok
16:15:00.0612 4728 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:15:00.0627 4728 disk - ok
16:15:00.0659 4728 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:15:00.0705 4728 Dnscache - ok
16:15:00.0752 4728 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:15:00.0768 4728 dot3svc - ok
16:15:00.0815 4728 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:15:00.0846 4728 DPS - ok
16:15:00.0877 4728 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:15:00.0893 4728 drmkaud - ok
16:15:00.0971 4728 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:15:01.0002 4728 DXGKrnl - ok
16:15:01.0064 4728 e1express (0c67b7a11e215b5c2ef2eeea70c00e2a) C:\Windows\system32\DRIVERS\e1e6032.sys
16:15:01.0080 4728 e1express - ok
16:15:01.0111 4728 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:15:01.0142 4728 E1G60 - ok
16:15:01.0189 4728 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:15:01.0220 4728 EapHost - ok
16:15:01.0267 4728 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:15:01.0283 4728 Ecache - ok
16:15:01.0345 4728 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:15:01.0361 4728 ehRecvr - ok
16:15:01.0392 4728 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:15:01.0423 4728 ehSched - ok
16:15:01.0439 4728 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:15:01.0470 4728 ehstart - ok
16:15:01.0517 4728 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:15:01.0532 4728 elxstor - ok
16:15:01.0595 4728 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:15:01.0673 4728 EMDMgmt - ok
16:15:01.0766 4728 esClient (27aa2c6917c94f6636563d416c8ee24f) C:\Program Files\Windows Home Server\esClient.exe
16:15:01.0782 4728 esClient - ok
16:15:01.0844 4728 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:15:01.0860 4728 EventSystem - ok
16:15:01.0969 4728 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:15:02.0031 4728 exfat - ok
16:15:02.0094 4728 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:15:02.0125 4728 fastfat - ok
16:15:02.0156 4728 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:15:02.0203 4728 fdc - ok
16:15:02.0234 4728 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:15:02.0250 4728 fdPHost - ok
16:15:02.0265 4728 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:15:02.0312 4728 FDResPub - ok
16:15:02.0359 4728 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:15:02.0375 4728 FileInfo - ok
16:15:02.0390 4728 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:15:02.0406 4728 Filetrace - ok
16:15:02.0421 4728 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:15:02.0453 4728 flpydisk - ok
16:15:02.0515 4728 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:15:02.0531 4728 FltMgr - ok
16:15:02.0624 4728 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
16:15:02.0640 4728 FontCache - ok
16:15:02.0702 4728 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:15:02.0718 4728 FontCache3.0.0.0 - ok
16:15:02.0765 4728 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
16:15:02.0811 4728 Fs_Rec - ok
16:15:02.0843 4728 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:15:02.0843 4728 gagp30kx - ok
16:15:02.0921 4728 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
16:15:02.0952 4728 gpsvc - ok
16:15:03.0030 4728 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:15:03.0045 4728 gupdate - ok
16:15:03.0061 4728 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
16:15:03.0077 4728 gupdatem - ok
16:15:03.0092 4728 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:15:03.0108 4728 gusvc - ok
16:15:03.0123 4728 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:15:03.0186 4728 HdAudAddService - ok
16:15:03.0233 4728 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:15:03.0279 4728 HDAudBus - ok
16:15:03.0311 4728 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:15:03.0373 4728 HidBth - ok
16:15:03.0389 4728 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
16:15:03.0404 4728 HidIr - ok
16:15:03.0467 4728 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
16:15:03.0498 4728 hidserv - ok
16:15:03.0513 4728 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
16:15:03.0576 4728 HidUsb - ok
16:15:03.0607 4728 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:15:03.0623 4728 hkmsvc - ok
16:15:03.0654 4728 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:15:03.0654 4728 HpCISSs - ok
16:15:03.0716 4728 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:15:03.0763 4728 HTTP - ok
16:15:03.0794 4728 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:15:03.0810 4728 i2omp - ok
16:15:03.0810 4728 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:15:03.0857 4728 i8042prt - ok
16:15:03.0903 4728 iaStor (5df93509037399b53d3ecaa8a67b6c58) C:\Windows\system32\DRIVERS\iaStor.sys
16:15:03.0903 4728 iaStor - ok
16:15:03.0935 4728 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:15:03.0950 4728 iaStorV - ok
16:15:04.0028 4728 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:15:04.0044 4728 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:15:04.0044 4728 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:15:04.0153 4728 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:15:04.0200 4728 idsvc - ok
16:15:04.0325 4728 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:15:04.0325 4728 iirsp - ok
16:15:04.0403 4728 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
16:15:04.0449 4728 IKEEXT - ok
16:15:04.0574 4728 IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys
16:15:04.0652 4728 IntcAzAudAddService - ok
16:15:04.0777 4728 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:15:04.0777 4728 intelide - ok
16:15:04.0793 4728 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:15:04.0808 4728 intelppm - ok
16:15:04.0839 4728 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:15:04.0886 4728 IPBusEnum - ok
16:15:04.0917 4728 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:15:04.0964 4728 IpFilterDriver - ok
16:15:05.0011 4728 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
16:15:05.0042 4728 iphlpsvc - ok
16:15:05.0042 4728 IpInIp - ok
16:15:05.0073 4728 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:15:05.0120 4728 IPMIDRV - ok
16:15:05.0151 4728 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:15:05.0183 4728 IPNAT - ok
16:15:05.0214 4728 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:15:05.0229 4728 IRENUM - ok
16:15:05.0245 4728 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:15:05.0261 4728 isapnp - ok
16:15:05.0292 4728 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:15:05.0307 4728 iScsiPrt - ok
16:15:05.0323 4728 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:15:05.0339 4728 iteatapi - ok
16:15:05.0354 4728 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:15:05.0370 4728 iteraid - ok
16:15:05.0401 4728 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:15:05.0401 4728 kbdclass - ok
16:15:05.0432 4728 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:15:05.0463 4728 kbdhid - ok
16:15:05.0510 4728 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:15:05.0541 4728 KeyIso - ok
16:15:05.0573 4728 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
16:15:05.0604 4728 KR10I - ok
16:15:05.0635 4728 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
16:15:05.0651 4728 KR10N - ok
16:15:05.0682 4728 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:15:05.0697 4728 KSecDD - ok
16:15:05.0744 4728 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:15:05.0791 4728 KtmRm - ok
16:15:05.0853 4728 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
16:15:05.0885 4728 LanmanServer - ok
16:15:05.0931 4728 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
16:15:05.0963 4728 LanmanWorkstation - ok
16:15:05.0994 4728 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:15:06.0025 4728 lltdio - ok
16:15:06.0072 4728 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:15:06.0103 4728 lltdsvc - ok
16:15:06.0150 4728 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:15:06.0181 4728 lmhosts - ok
16:15:06.0212 4728 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:15:06.0212 4728 LSI_FC - ok
16:15:06.0243 4728 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:15:06.0243 4728 LSI_SAS - ok
16:15:06.0259 4728 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:15:06.0275 4728 LSI_SCSI - ok
16:15:06.0290 4728 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:15:06.0337 4728 luafv - ok
16:15:06.0399 4728 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
16:15:06.0415 4728 MBAMProtector - ok
16:15:06.0524 4728 MBAMService (ba400ed640bca1eae5c727ae17c10207) d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:15:06.0571 4728 MBAMService - ok
16:15:06.0602 4728 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:15:06.0633 4728 Mcx2Svc - ok
16:15:06.0727 4728 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:15:06.0727 4728 MDM - ok
16:15:06.0758 4728 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:15:06.0774 4728 megasas - ok
16:15:06.0789 4728 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:15:06.0836 4728 MMCSS - ok
16:15:06.0867 4728 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:15:06.0899 4728 Modem - ok
16:15:06.0961 4728 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:15:06.0992 4728 monitor - ok
16:15:07.0039 4728 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:15:07.0039 4728 mouclass - ok
16:15:07.0055 4728 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:15:07.0086 4728 mouhid - ok
16:15:07.0101 4728 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:15:07.0117 4728 MountMgr - ok
16:15:07.0179 4728 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
16:15:07.0195 4728 MpFilter - ok
16:15:07.0226 4728 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:15:07.0242 4728 mpio - ok
16:15:07.0273 4728 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:15:07.0289 4728 mpsdrv - ok
16:15:07.0335 4728 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
16:15:07.0367 4728 MpsSvc - ok
16:15:07.0398 4728 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:15:07.0398 4728 Mraid35x - ok
16:15:07.0445 4728 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:15:07.0476 4728 MRxDAV - ok
16:15:07.0554 4728 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:15:07.0585 4728 mrxsmb - ok
16:15:07.0647 4728 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:15:07.0663 4728 mrxsmb10 - ok
16:15:07.0679 4728 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:15:07.0679 4728 mrxsmb20 - ok
16:15:07.0710 4728 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
16:15:07.0710 4728 msahci - ok
16:15:07.0741 4728 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:15:07.0741 4728 msdsm - ok
16:15:07.0772 4728 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:15:07.0803 4728 MSDTC - ok
16:15:07.0819 4728 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:15:07.0850 4728 Msfs - ok
16:15:07.0881 4728 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:15:07.0897 4728 msisadrv - ok
16:15:07.0944 4728 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:15:07.0975 4728 MSiSCSI - ok
16:15:07.0975 4728 msiserver - ok
16:15:08.0006 4728 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:15:08.0053 4728 MSKSSRV - ok
16:15:08.0162 4728 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:15:08.0162 4728 MsMpSvc - ok
16:15:08.0209 4728 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:15:08.0240 4728 MSPCLOCK - ok
16:15:08.0271 4728 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:15:08.0303 4728 MSPQM - ok
16:15:08.0365 4728 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:15:08.0365 4728 MsRPC - ok
16:15:08.0412 4728 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:15:08.0427 4728 mssmbios - ok
16:15:08.0443 4728 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:15:08.0474 4728 MSTEE - ok
16:15:08.0490 4728 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:15:08.0505 4728 Mup - ok
16:15:08.0552 4728 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
16:15:08.0599 4728 napagent - ok
16:15:08.0630 4728 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:15:08.0661 4728 NativeWifiP - ok
16:15:08.0708 4728 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:15:08.0739 4728 NDIS - ok
16:15:08.0786 4728 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:15:08.0817 4728 NdisTapi - ok
16:15:08.0849 4728 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:15:08.0880 4728 Ndisuio - ok
16:15:08.0895 4728 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:15:08.0911 4728 NdisWan - ok
16:15:08.0958 4728 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:15:08.0973 4728 NDProxy - ok
16:15:08.0989 4728 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:15:09.0036 4728 NetBIOS - ok
16:15:09.0067 4728 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:15:09.0083 4728 netbt - ok
16:15:09.0129 4728 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:15:09.0145 4728 Netlogon - ok
16:15:09.0192 4728 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:15:09.0239 4728 Netman - ok
16:15:09.0301 4728 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:15:09.0317 4728 netprofm - ok
16:15:26.0991 4728 ============================================================
16:15:26.0991 4728 Scan finished
16:15:26.0991 4728 ============================================================
16:15:27.0007 0564 Detected object count: 5
16:15:27.0007 0564 Actual detected object count: 5
16:16:03.0620 0564 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:03.0620 0564 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:03.0620 0564 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:03.0620 0564 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:03.0620 0564 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:03.0620 0564 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:03.0636 0564 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:03.0636 0564 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:03.0636 0564 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:03.0636 0564 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

#9
ChrisOfTheOT

The gmer.net program will not run; it crashes after about a minute of scanning. Should I continue to Step 4?

Cheers,

Chris

#10
Maurice Naggar

OK, skip over the Gmer, and do the next step.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#11
ChrisOfTheOT

Okay - thanks Maurice.

OTL:
OTL logfile created on: 26/06/2012 16:53:07 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Chris Burson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free
6.19 Gb Paging File | 4.86 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): g:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 51.14 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
Drive D: | 50.00 Gb Total Space | 41.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive E: | 82.88 Gb Total Space | 66.96 Gb Free Space | 80.79% Space Free | Partition Type: NTFS
Drive F: | 647.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 20.01 Gb Total Space | 16.51 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive H: | 50.00 Gb Total Space | 36.44 Gb Free Space | 72.88% Space Free | Partition Type: NTFS
Drive I: | 40.00 Gb Total Space | 39.34 Gb Free Space | 98.35% Space Free | Partition Type: NTFS
Drive J: | 115.99 Gb Total Space | 115.13 Gb Free Space | 99.26% Space Free | Partition Type: NTFS

Computer Name: QOSMIO_G40 | User Name: Chris Burson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/26 16:51:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/10 13:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2011/01/10 13:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2011/01/10 13:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/11 00:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/03/10 14:31:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
PRC - [2007/11/14 12:08:48 | 000,027,400 | ---- | M] (UPEK Inc.) -- D:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2007/11/14 11:43:58 | 000,054,024 | ---- | M] (UPEK Inc.) -- D:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/04/10 15:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2001/02/13 00:58:54 | 000,226,720 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office10 Tools\Office10\MSOFFICE.EXE


========== Modules (No Company Name) ==========

MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/10 13:29:24 | 000,239,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2011/01/10 13:28:52 | 000,097,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/10/11 00:17:50 | 000,132,456 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/03/10 14:31:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/11 18:02:38 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- G:\User\Temp\axlyyfoc.sys -- (axlyyfoc)
DRV - File not found [Kernel | On_Demand | Unknown] -- G:\User\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/07 11:07:02 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2011/01/10 13:29:18 | 000,044,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2008/12/18 15:11:40 | 000,042,752 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008/12/11 19:02:20 | 000,054,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/27 19:01:56 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/22 14:50:34 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/03/25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/07 21:57:36 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/01 15:00:00 | 007,630,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/05/02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/04/14 18:32:34 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/03/28 15:56:34 | 000,322,816 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ttv500x.sys -- (ttv500x) TOSHIBA PCI TV Tuner(x86)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2007/01/09 20:00:00 | 000,062,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscir.sys -- (smscir)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 23:13:12 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2005/01/07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {B6633A79-5F75-4E24-9F7A-86D392D5BD6F}
IE - HKLM\..\SearchScopes\{B6633A79-5F75-4E24-9F7A-86D392D5BD6F}: "URL" = http://www.google.co...g}&sourceid=ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{B6633A79-5F75-4E24-9F7A-86D392D5BD6F}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/06/22 11:37:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] D:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdatePDRShortCut] d:\Program Files\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B9B49E-D410-4CED-9CEE-91A6F6181FE0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - D:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - D:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: E:\Pictures\Aircraft\Jaguar, Harrier & Hawk\794124.jpeg
O24 - Desktop BackupWallPaper: E:\Pictures\Aircraft\Jaguar, Harrier & Hawk\794124.jpeg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/03/16 05:49:10 | 000,000,062 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 16:51:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe
[2012/06/26 16:21:18 | 000,000,000 | ---D | C] -- C:\ARK
[2012/06/26 16:02:36 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris Burson\Desktop\tdsskiller.exe
[2012/06/26 16:01:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris Burson\Desktop\aswMBR.exe
[2012/06/26 15:21:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/26 15:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/26 15:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/22 12:29:23 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 12:29:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 12:28:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 12:28:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 12:28:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 12:28:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 12:28:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/22 12:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/22 12:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/22 12:24:37 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/22 12:24:37 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/22 12:24:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/22 12:24:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/22 11:43:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/22 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Chris Burson\AppData\Local\temp
[2012/06/22 11:37:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/22 11:27:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/22 11:27:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/22 11:27:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/22 11:27:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/22 11:27:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 11:26:56 | 000,000,000 | R--D | C] -- C:\Users\Chris Burson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/22 11:26:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/14 09:46:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 09:46:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 09:46:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 09:46:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 09:46:55 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 09:46:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 09:46:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 09:02:15 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 10:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/06/12 12:22:17 | 000,000,000 | ---D | C] -- C:\Users\Chris Burson\AppData\Roaming\Kodak
[1 E:\Chris' Documents\*.tmp files -> E:\Chris' Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 16:51:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Burson\Desktop\OTL.exe
[2012/06/26 16:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 16:08:53 | 000,000,512 | ---- | M] () -- C:\Users\Chris Burson\Desktop\MBR.dat
[2012/06/26 16:02:36 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris Burson\Desktop\tdsskiller.exe
[2012/06/26 16:01:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris Burson\Desktop\aswMBR.exe
[2012/06/26 15:37:53 | 000,125,312 | ---- | M] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.001
[2012/06/26 15:37:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 15:37:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 15:37:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 15:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 15:36:52 | 3220,152,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 09:00:10 | 000,000,956 | ---- | M] () -- C:\Users\Chris Burson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/22 12:24:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/22 12:24:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/22 11:37:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/22 10:28:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/22 10:28:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/22 09:47:16 | 000,495,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 19:49:07 | 000,125,312 | ---- | M] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.dat
[2012/06/14 09:54:03 | 000,601,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 09:54:03 | 000,105,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 09:16:25 | 000,000,565 | ---- | M] () -- C:\Users\Chris Burson\Desktop\Give Us a Job.lnk
[2012/06/02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 E:\Chris' Documents\*.tmp files -> E:\Chris' Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 16:08:53 | 000,000,512 | ---- | C] () -- C:\Users\Chris Burson\Desktop\MBR.dat
[2012/06/22 11:27:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/22 11:27:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/22 11:27:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/22 11:27:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/22 11:27:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 09:45:59 | 3220,152,320 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/13 09:16:25 | 000,000,565 | ---- | C] () -- C:\Users\Chris Burson\Desktop\Give Us a Job.lnk
[2011/06/03 10:38:26 | 000,017,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/06/03 10:38:25 | 006,904,040 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011/04/18 11:38:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/04/02 15:01:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/02 15:01:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/02 14:53:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/08 15:06:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/15 11:35:27 | 000,125,312 | ---- | C] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.001
[2008/09/15 11:35:23 | 000,125,312 | ---- | C] () -- C:\Users\Chris Burson\AppData\Roaming\nvModes.dat
[2008/09/09 17:02:29 | 000,119,296 | ---- | C] () -- C:\Users\Chris Burson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/10/24 11:16:01 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/03/11 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Datel
[2011/06/03 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\dBpoweramp
[2011/05/09 10:38:11 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\EAC
[2011/04/28 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Full
[2008/09/25 09:39:31 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Libronix DLS
[2009/09/19 10:02:55 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Nokia
[2011/01/08 14:17:28 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\OpenOffice.org
[2008/12/23 18:06:38 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\PC Suite
[2009/05/12 10:32:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Toshiba
[2009/05/12 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Ulead Systems
[2009/10/21 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Virtual Mechanics
[2009/12/24 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Burson\AppData\Roaming\Windows Home Server
[2012/06/26 15:35:53 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Extras:
OTL Extras logfile created on: 26/06/2012 16:53:07 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Chris Burson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.16% Memory free
6.19 Gb Paging File | 4.86 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): g:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 51.14 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
Drive D: | 50.00 Gb Total Space | 41.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive E: | 82.88 Gb Total Space | 66.96 Gb Free Space | 80.79% Space Free | Partition Type: NTFS
Drive F: | 647.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 20.01 Gb Total Space | 16.51 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive H: | 50.00 Gb Total Space | 36.44 Gb Free Space | 72.88% Space Free | Partition Type: NTFS
Drive I: | 40.00 Gb Total Space | 39.34 Gb Free Space | 98.35% Space Free | Partition Type: NTFS
Drive J: | 115.99 Gb Total Space | 115.13 Gb Free Space | 99.26% Space Free | Partition Type: NTFS

Computer Name: QOSMIO_G40 | User Name: Chris Burson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "d:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "d:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "d:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "d:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3469518139-1120787449-2283880736-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0252E090-BA70-4492-8951-FC575AA96031}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1C6898CB-9869-4A02-8739-9A42F628599C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20B5D650-E85C-4C65-87A7-409AE7A3EC2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{243BE3EF-E88B-49B1-AED0-0207D91B4FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BAB582B-028F-4669-AC1E-BE521BDBC2C6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2E151DBB-A50E-4ED8-A39F-75A817A9E702}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3089262C-626C-4762-A40A-F71AEA47E8A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{356BFB16-75DC-4582-913A-5235E1290789}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4EE6FC64-C111-46AA-87C1-778C85F51651}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{507640E2-D79B-447A-BCB9-0F2D8198FA80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50BB1451-743E-46B8-A96B-125D5CF2AF11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{534ECC32-E3B1-4F0B-A70B-32CF8CDACD97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6146192E-229C-4D80-82E2-C363E9FD5B7F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{78F33C16-8FC3-41B3-9753-759B8740D1FE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{81675AFC-BCD6-44B4-91B8-838B00652CCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83C50581-057F-44E0-A462-F39616BB9E1F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8829ED51-D641-4940-B09A-502AAD6DA72D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93A079D0-47ED-4581-BDB3-CF39751BE8A9}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B5FFD6BA-2B08-4E6F-9F27-791C13C2D726}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B98A7C8D-3531-4E1B-83F5-0A9257664F63}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF97E1D0-11FC-4539-BA9C-F76F02DF546D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CCAD159A-C259-45F9-AA0C-CED2C594E21F}" = rport=10244 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F40988F-91AC-4A45-A49D-4F28D8A8933C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2742844D-029B-47BE-BAB6-B2D422C5CA0E}" = dir=in | app=d:\program files\powerdirector\powerdirector\pdr.exe |
"{61F2C7D0-7988-4589-B890-74498AEF488E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{81F54781-A475-4EC6-A71E-93C32D807729}" = protocol=17 | dir=in | app=g:\user\temp\7zsbead.tmp\symnrt.exe |
"{A4E9D1BA-0364-464D-B840-5E6222B86573}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AFCE175B-F77C-40A0-B96E-3398F2690427}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C65FE8EA-4B9A-4298-B707-D049D0CCA934}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CC9D5EC2-8A8D-4774-BDB4-0846391CC317}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E10B0EE8-E573-44C3-8521-15B81626F0DE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E3AE38A9-B54B-47CF-91F9-88A49827723A}" = protocol=6 | dir=in | app=g:\user\temp\7zsbead.tmp\symnrt.exe |
"{FB36BF71-5270-4CF7-8B4F-94750109F3E2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{43C49CA5-5709-4A5A-ACBA-BDDC9011D655}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{CB140FC3-2636-4C34-B1D9-1D8F623AC055}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CFE0C25F-4B6D-4D26-B2A7-1420947F19F4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FC83C70B-5712-412E-B494-67B18719314B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{1CAF00DC-9F1B-49B5-BCB9-034677B19216}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3DEFF801-C927-4B48-9813-0E35C18501E9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4B0795FC-BCF9-4E4F-9869-C4BD0AB30E91}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{85B8CA2F-58EE-4D20-8ECE-ADE772C2BD5E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11A64428-9699-40FC-9F05-FF79BBC599BD}" = Ulead WinCinema Disc Creator 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{2222706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{32A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5
"{36816A35-8CB9-4BAA-894A-6C5B86B9CB9A}" = Logos 4 Prerequisites
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FF6DCB6-71FA-4DB1-BCDB-7C93DF2DA992}" = Camera Assistant Software for Toshiba(2.0M)
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5452B476-225B-44DA-BF24-6639E0084241}" = Logos Bible Software 4
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files
"{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
"{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = Libronix Update
"{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver
"{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA HD DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{826C3E36-A1C6-4183-B220-34A113E0CE9F}" = SiteSpinner
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95250409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Resource Kit Tools
"{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
"{C4852924-8548-4FA6-A822-5B3840C5E0E7}" = Biblical Hebrew (SIL)
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop
"{CC351B44-5610-43C5-81E6-A2C760CB0A20}" = Graphical Query Editor
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money System Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7298FD8-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money
"{E98E2A33-05D1-476B-B81B-40F4BD957056}" = Windows Home Server Home Computer Restore CD (Dual Boot)
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{FDCEF602-9FCA-428E-8AD5-5C3C9DC8CE05}" = Qosmio AV Controller Manager
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Defraggler" = Defraggler
"Dolby" = Dolby
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Libronix DLS" = Libronix Digital Library System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoScape" = PhotoScape
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"XPort 360_is1" = XPort 360

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/09/2010 03:45:52 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 04:18:30 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/09/2010 04:30:05 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/09/2010 11:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20
Description =

Error - 08/09/2010 04:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20
Description =

Error - 08/09/2010 05:36:18 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/09/2010 04:35:56 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/09/2010 09:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20
Description =

Error - 09/09/2010 11:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20
Description =

Error - 09/09/2010 12:41:05 | Computer Name = Qosmio_G40 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 26/06/2012 10:47:28 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.129.483.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\SYSTEM
Current
Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error code: 0x80070666
Error
description: Another version of this product is already installed. Installation
of this version cannot continue. To configure or remove the existing version of
this product, use Add/Remove Programs on the Control Panel.

Error - 26/06/2012 10:47:28 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.129.483.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\SYSTEM
Current
Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error code: 0x80070666
Error
description: Another version of this product is already installed. Installation
of this version cannot continue. To configure or remove the existing version of
this product, use Add/Remove Programs on the Control Panel.

Error - 26/06/2012 10:47:28 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 26/06/2012 10:47:41 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.129.469.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\NETWORK
SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error
code: 0x80070666 Error description: Another version of this product is already installed.
Installation of this version cannot continue. To configure or remove the existing
version of this product, use Add/Remove Programs on the Control Panel.

Error - 26/06/2012 10:47:41 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.129.469.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\NETWORK
SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error
code: 0x80070666 Error description: Another version of this product is already installed.
Installation of this version cannot continue. To configure or remove the existing
version of this product, use Add/Remove Programs on the Control Panel.

Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 26/06/2012 10:47:48 | Computer Name = Qosmio_G40 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 26/06/2012 10:48:21 | Computer Name = Qosmio_G40 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

#12
ChrisOfTheOT

Checkup:
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
JavaFX 2.1.1
JavaFX 2.1.1 SDK
Java™ 7 Update 5
Java SE Development Kit 7 Update 5
Out of date Java installed!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

#13
Maurice Naggar

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;

  • Approve the install of the required ActiveX Control, then follow on-screen instructions;

  • Enable (check) the Remove found threats option, and run the scan.

  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)

    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log

NEXT
Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows firewall
  • System Restore
  • Security Center
  • Windows Update
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#14
ChrisOfTheOT

ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=85c70281ac74614892575e48f59b12fa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-27 08:58:16
# local_time=2012-06-27 09:58:16 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 39027868 178316617 0 0
# compatibility_mode=8192 67108863 100 0 152 152 0 0
# scanned=183522
# found=4
# cleaned=4
# scan_time=3606
C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JK3VOGZ\;ID=nemexia-160-5;size=160x600;setID=16;type=1;source=240938900;pub=718681;pub=718681[1].js HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U85ORFFO\fw_dnslink_com[3].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
E:\Downloads\PDFConverterSetup.exe Win32/InstallCore.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


I noticed the last entry here is a PDF converter. I installed that as a pukka program! (MSE did not flag it as dodgy.) Anyway, on to the Farbar's thing.

Thanks again Maurice.

#15
ChrisOfTheOT

FSS:

Farbar Service Scanner Version: 25-06-2012 01
Ran by Chris Burson (administrator) on 27-06-2012 at 10:07:37
Running from "C:\Users\Chris Burson\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 09:11] - [2012-03-30 13:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-14 09:02] - [2012-04-23 17:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Phew! I do appreciate your time & effort Maurice. Many thanks.

How are we doing?

Cheers,

Chris

#16
Maurice Naggar

Be extremely careful when downloading. You must always take a measure that the source is one to be trusted and legitimate.
Not sure yet how "this" is doing.
Windows Update appears to be turned off, as well as the system restore service. What do you know about that?
  • Download and Save McAfee Stinger to your Desktop
    http://www.mcafee.co...ls/stinger.aspx

    Close all browsers before starting. Disable your antivirus program and anti-malware, if any.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    On Windows 7 & Vista systems, Right Click and select Run as Administrator.
    On XP, double-click to start it.

    The C drive is the default for scanning.
    Press the Preferences button. In the top right-block "On virus detection", click Rename
    In the bottom block "Heuristic network check for suspicious files" select High

    Click the Scan Now button.
    When done, use the File menu and select Save report to file
    Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

    RE-Enable your anti-virus program.

    Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.
    It is not intended as virus protection.


  • Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center
    http://www.microsoft...&displaylang=en
    It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

    After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log
    The file may be opened and viewed with Notepad or similar text editor.

    Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here: http://support.micro...om/?kbid=890830

    If no infections were found, you will see in your log

    Quote

    Results Summary:
    ----------------
    No infection found.


  • I am not sure that your MSE is being updated or if it is current.
    Start MSE. Do an Update run. And give me full details on the result.

  • Make certain that Automatic Updates is enabled.
    How to configure and use Automatic Updates in Windows
    http://support.microsoft.com/kb/306525

    It should be set to, at minimum, Notify but do not download. Please recheck your automatic updates setting and advise on it, too.

  • Check in at Windows Update and install any Critical / Important Updates offered.
    Let me know of these results too.
We are not done.

Edited by Maurice Naggar, 27 June 2012 - 05:56 AM.

~Maurice Naggar

I close my threads if there is 5 days without a response.
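
An added example, not part of the original post or of any Microsoft tooling: a small Python check that reads the MSRT log described above and reports the verdict of the most recent run only, so an older "No infection found." entry cannot be mistaken for the current result. It assumes the log accumulates one "Results Summary:" section per run and may be UTF-16 encoded; the function names and the sample log are constructed for illustration.

```python
# Constructed sample: two runs appended to one log. Only "Results Summary:",
# its dashed underline and "No infection found." appear in the thread; the
# "Started On" lines and the detection line are illustrative assumptions.
SAMPLE_LOG = """\
Started On Tue Jun 26 09:10:00 2012

Results Summary:
----------------
Found: ExampleThreat.A (constructed placeholder)

Started On Wed Jun 27 12:40:00 2012

Results Summary:
----------------
No infection found.

"""
CLEAN_LINE = "No infection found."


def decode_log(raw):
    """Decode log bytes: UTF-16 when a BOM is present (assumed), else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def summaries(text):
    """Return the lines under each 'Results Summary:' header, oldest run first."""
    runs, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        if lines[i].strip() != "Results Summary:":
            i += 1
            continue
        i += 1
        if i < len(lines) and set(lines[i].strip()) == {"-"}:
            i += 1  # skip the dashed underline
        block = []
        while i < len(lines) and lines[i].strip():
            block.append(lines[i].strip())
            i += 1
        runs.append(block)
    return runs


def latest_run_clean(text):
    """True only when the newest summary consists of the clean line alone."""
    runs = summaries(text)
    if not runs:
        raise ValueError("no Results Summary section found")
    return runs[-1] == [CLEAN_LINE]
```

To use it on a real file, read the log in binary mode and pass the bytes through `decode_log` before calling `latest_run_clean`.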

#17
ChrisOfTheOT


Maurice Naggar, on 27 June 2012 - 05:54 AM, said:

Windows Update appears to be turned off, as well as the System Restore service. What do you know about that?

What? That's not what it should be - according to my settings, Windows Update is automatic (I never change it) and System Restore is set on all drives/partitions.

I'll continue with your instructions now.

Cheers,

Chris

#18
Maurice Naggar

System Restore should only be set for the Windows-drive-(partition). Not all. Just the Windows-system drive.

It is fine to have Windows Automatic Updates to all-auto. The minimal is to have Notify only.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#19
ChrisOfTheOT

I'll have to look at the System Restore setting...

Stinger:

McAfee® Labs Stinger™ Version 10.2.0.684 built on Jun 26 2012
Copyright © 2012 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Jun 26 2012.
Ready to scan for 4513 viruses, trojans and variants.
Scan initiated on Wed Jun 27 12:22:12 2012
Rootkit scan result : Clean

Master Boot Record(s):....2
Possibly Infected:.............0
Boot Sector(s):.................7
Possibly Infected: ............0
Number of clean files: 22482

I'll try the MS tool next.

Thanks Maurice,

Chris

#20
Maurice Naggar

OK. Keep moving forward and do the remainder of items I listed, and report.
~Maurice Naggar

I close my threads if there is 5 days without a response.




