photoman1963
  1. Thank you so much for all your help! The antivirus seems to have been uninstalled somehow, so I'll replace that. I'll let my colleague know you helped when he returns from holiday, and maybe I will be able to persuade him to give you a donation. Thanks again!
  2. I've attached the files - Attach.txt zipped up, as per the DDS instructions. Thanks again for your help - it's greatly appreciated! DDS.txt Attach.zip
  3. Sorry, I don't know what happened there! Let me try uploading the text file. eset.txt
  4. Hi, It found 2 items. The log file is as follows:
     C:\Program Files\FoxTabAVIConverter\AviConverter.exe    a variant of Win32/InstallCore.A application
     C:\Qoobox\Quarantine\C\Users\photoman1963\AppData\Local\Windows Server\hlp.dat.vir    Win32/Bamital.DT trojan
  5. Thanks again! Here is the log ComboFix.txt
  6. Here is the result:
     SystemLook 30.07.11 by jpshortstuff
     Log created at 18:50 on 03/04/2012 by photoman1963
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "kill.exe"
     No files found.
     ========== folderfind ==========
     Searching for "RAPkiller2"
     No folders found.
     ========== regfind ==========
     Searching for "rappkill"
     No data found.
     -= EOF =-
  7. Thanks for your reply. I am unfamiliar with RapKiller2 / rappkill / kill.exe. I cannot find any mention of it in the registry by searching for rapkill, rappkill or kill.exe in regedit - unless f!taskkill.exe is related. Likewise, I cannot find the kill.exe file on the system. The system is running OK, but I notice that if I search in the address bar of Chrome or Internet Explorer, it directs me to uk.search-results.com instead of Google. I have now deleted these search engines and it defaults to Google again. There is no music playing any more!
  8. Hi, Thanks again for your help! I have attached the log file as requested. ComboFix.txt
  9. Hi Daniel, Thanks for your reply. Here is the log file:
     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.03.28.02
     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     photoman1963 :: PORTLANDSTUDIOS [administrator]
     28/03/2012 11:59:33
     mbam-log-2012-03-28 (11-59-33).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 196127
     Time elapsed: 8 minute(s), 16 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 20
     Registry Values Detected: 1
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 8
     Files Detected: 12
     (end)
     You didn't say whether you wanted the GMER log file, although I assume you would! I have attached it. I did not close GMER yet, just in case. Thank you for your assistance. I look forward to your reply. ark.txt
  10. Hi guys, My colleague's laptop appears to be infected. I don't know what he's done, but I've noticed several toolbars appearing on it. He told me that he upgraded to IE9 and now it's playing music constantly! When I checked Task Manager, there were still several instances of IE running, even though it was closed. I know I've seen this before and there was a rootkit involved, so thought I'd seek expert help! The computer has IE9, which seems to function normally, and Chrome. Chrome redirects to searchnu.com/406 but IE opens in Google as normal. I removed some toolbars via Control Panel, and iLivid. I've run Malwarebytes AntiMalware and it found and removed several items (ShoppingReport2, QuestScan, MyWebSearch, ShopperReports, Hotbar.MS, Seekmo, FreezeFrog, Adware.Agent, Malware.Trace). I then ran HijackThis, and via their diagnosis online, several items were flagged (including iLivid components), which I haven't yet removed. Following is the DDS log, as requested. Thanks in advance for any assistance - it is greatly appreciated!
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421
     Run by photoman1963 at 12:41:33 on 2012-03-28
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2942.1793 [GMT 1:00]
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}