Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hotmail e-mail virus? Automatically sent link, possible virus, to 3 co


  • Please log in to reply

#1
ace_porate

ace_porate

    Member

  • Member
  • PipPipPip
  • 223 posts
Hello,

First of all, it's great to be back at GtG. I was a student at the GtG school back in 2006 for several months, and learned some great stuff. I was also able to help some people, and really enjoyed giving back. It's great to see the progress the site has made.

Anyways, over the last 6 years I haven't had any real trouble with viruses, but this morning something strange happened. My mother called to let me know that my hotmail account had sent her an e-mail with a link to http : // wither dot org etc... and a creepy signature, something to the effect of: "He tried to feel at ease and secure..." signed by Hipolito Addaneye. I found the e-mail in my sent box, and it was sent to two other contacts as well.

Unless I'm living out some sort of Fight Club / insomnia / dual personality-type scenario, it made me suspect a virus. I immediately ran my Trend Micro security scan and restarted my computer. I have run OTL and will post the log below. Thank you in advance for your help!



OTL Extras logfile created on: 4/6/2012 1:17:32 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Joe\Desktop\Malware
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.69 Gb Total Space | 106.09 Gb Free Space | 36.75% Space Free | Partition Type: NTFS

Computer Name: JOE-LAPTOP | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 7B 26 66 BB 54 74 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{54A72292-84E3-4C33-9260-54B875A924C1}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{E3BF126A-E1CD-404B-817C-6A9E2C48CC9D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0341C05F-29C4-4B74-B855-1A43AA6A42A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{113673FA-419C-4EC3-A730-9F79A82F582F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{15B84A8E-7D48-43A1-BC9A-EE8903589972}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{1798C14C-935A-4F78-89A8-1986370A9334}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2737D21B-F995-4159-88E6-B88D1E350A05}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2CCAFF2A-C892-4889-B442-5F3CE6B6C1BF}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{34F0E31D-7B5B-4F56-8C04-9A9DDC48D10E}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{35D2D0D8-CAEF-4A1E-93AA-4DDBA7109E36}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4538353B-E099-47EA-95BD-6C71AFBA5B4F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5D7F3645-03D8-439E-9E24-9396D92697EF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6328DC67-C5EA-40C7-A905-7C496DEB327E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6620AB6C-B0D3-413F-BF9B-2CE4657623F4}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{8235A1C9-5099-4845-90F1-38ABD00D0A6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92AAB2C2-EE0E-45C6-8ACD-0715EF838FDA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A4A6BC1B-A9F0-40B5-8E4D-4CD0BED4B831}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{AE25DD32-539A-48BD-B6F2-90084E486BB2}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{BE35BB4A-1695-4C66-828B-70DD04DC6C4B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C9BCA51E-9A0A-45F0-ACAD-982A6DC5C958}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{F14E37D5-926E-4275-ADD4-C20F3AE3B364}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{40FFA8A2-451E-9E20-2ADC-2ED924F94D5E}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{885F0FAE-D28B-9EC2-6B28-10B63B4CC1E2}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2F9CA7CF-BEF5-3CD9-8EFF-EC70162E3C02}" = Google Talk Plugin
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{7662F66F-ED2D-4CB8-9E4D-5DD11CBF7D70}" = iRip
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0524B49-9798-4EFB-A392-06C18BEC7432}" = Vz In Home Agent
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F54E5D65-CB60-4A31-A71B-BCFB0FA0076D}" = Verizon Download Manager
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"BitTorrent" = BitTorrent
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Configuration DivX
"GOM Player" = GOM Player
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"MakeItLive" = MakeItLive Plugin
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Veetle TV" = Veetle TV 0.9.18
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"vShare" = vShare Plugin
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2012 4:59:49 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2012 4:59:49 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1545

Error - 4/6/2012 4:59:49 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1545

Error - 4/6/2012 4:59:50 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2012 4:59:50 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2699

Error - 4/6/2012 4:59:50 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2699

Error - 4/6/2012 4:59:51 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2012 4:59:51 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3729

Error - 4/6/2012 4:59:51 AM | Computer Name = Joe-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3729

Error - 4/6/2012 4:06:14 PM | Computer Name = Joe-Laptop | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 6/18/2009 2:49:59 PM | Computer Name = Joe-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 619
seconds with 600 seconds of active time. This session ended with a crash.

Error - 6/21/2009 10:04:40 AM | Computer Name = Joe-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1270
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 7/4/2009 4:17:38 PM | Computer Name = Joe-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1099
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/2/2012 1:37:06 PM | Computer Name = Joe-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 2/2/2012 1:37:06 PM | Computer Name = Joe-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2/2/2012 1:37:06 PM | Computer Name = Joe-Laptop | Source = DCOM | ID = 10005
Description =

Error - 2/2/2012 1:37:06 PM | Computer Name = Joe-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 2/2/2012 1:37:06 PM | Computer Name = Joe-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2/4/2012 9:06:42 PM | Computer Name = Joe-Laptop | Source = DCOM | ID = 10005
Description =

Error - 2/4/2012 9:06:43 PM | Computer Name = Joe-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 2/4/2012 9:06:43 PM | Computer Name = Joe-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 3/12/2012 2:07:36 AM | Computer Name = Joe-Laptop | Source = Service Control Manager | ID = 7031
Description =

Error - 3/28/2012 1:24:37 PM | Computer Name = Joe-Laptop | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

Advertisements


#2
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
ace_porate

ace_porate

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Hey Gammo,

Thanks for picking up my thread. I'm now tracking this topic, so i'll be fairly expedient in my replies.


OTL logfile created on: 4/15/2012 11:23:16 AM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Joe\Desktop\Malware
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 42.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.69 Gb Total Space | 107.96 Gb Free Space | 37.40% Space Free | Partition Type: NTFS

Computer Name: JOE-LAPTOP | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 00:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Users\Joe\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2012/03/27 05:09:16 | 009,777,000 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2012/02/27 00:42:52 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2012/02/27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/02/20 21:28:38 | 000,013,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/14 08:31:03 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/01/11 10:34:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\Malware\OTL.exe
PRC - [2010/09/02 06:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/02 06:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/02 06:46:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/03/17 13:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/03/05 08:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/01/08 06:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Joe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 18:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/10 17:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/07/10 17:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/06/27 18:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/13 19:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/09/28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 10:34:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\Malware\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/08 09:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/05/16 08:25:27 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2010/05/16 08:25:27 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2010/05/16 08:25:27 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/04/30 21:20:42 | 001,371,136 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 20:42:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/24 19:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/04/07 22:58:44 | 000,870,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/02/06 14:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 18:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/02/27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/09/02 06:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/02 06:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/18 04:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 17:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 18:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/05/28 16:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/11 11:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2011/08/19 02:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2011/08/19 02:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/07/12 03:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2011/07/12 03:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2011/07/12 03:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/05/16 08:25:34 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/05/16 08:25:34 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/05/16 08:25:34 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/04 09:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 05:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 22:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/07/18 19:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/26 17:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/04/28 07:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/15 10:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/08 03:24:48 | 004,257,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/27 20:36:28 | 000,174,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/02/21 10:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/12/11 15:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 18:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/19 22:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/08 23:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/08 23:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 16:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/03/17 13:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 13:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wallstreetjournal.com/
IE - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files (x86)\OrangeHSS\SearchURLHook\SearchPageURL.dll File not found
IE - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 22:46:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/16 20:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2012/02/11 10:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/11 10:43:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2009/07/22 09:18:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MakeItLive Plugin) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MakeItLive Plugin) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
O3 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..\Toolbar\WebBrowser: (MakeItLive Plugin) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000..\Run: [Octoshape Streaming Services] C:\Users\Joe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..Trusted Domains: mappy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..Trusted Domains: orange.fr ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..Trusted Domains: voila.fr ([rw.search.ke] http in Trusted sites)
O15 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingb...SlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\makeitlivechrome {51472043-0170-45F9-BCCF-19FCFC676D18} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Handler\makeitlivechrome {51472043-0170-45F9-BCCF-19FCFC676D18} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 08:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/03 08:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/03 08:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 20:23:11 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Photos
[1 C:\Users\Joe\Documents\*.tmp files -> C:\Users\Joe\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/15 11:24:32 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2012/04/15 11:24:30 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2012/04/15 11:12:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/15 11:05:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 11:05:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 10:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 10:33:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000UA.job
[2012/04/15 09:15:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 21:33:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000Core.job
[2012/04/14 19:08:40 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/04/14 03:45:56 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/14 03:45:56 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/14 03:45:56 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/14 03:37:44 | 4292,861,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 08:51:53 | 000,002,043 | ---- | M] () -- C:\Users\Joe\Desktop\Google Chrome.lnk
[2012/04/13 08:51:53 | 000,002,005 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/11 23:29:27 | 000,016,810 | ---- | M] () -- C:\Users\Joe\Documents\e-mail to Prof. Delsol re Doctorate work.docx
[2012/04/11 12:53:14 | 000,000,680 | ---- | M] () -- C:\Users\Joe\AppData\Local\d3d9caps.dat
[2012/04/07 16:40:04 | 000,011,703 | ---- | M] () -- C:\Users\Joe\Documents\Delsol email notes.docx
[2012/04/06 00:39:39 | 000,010,732 | ---- | M] () -- C:\Users\Joe\Documents\Injuries.docx
[2012/04/03 08:33:06 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/25 17:39:26 | 000,018,257 | ---- | M] () -- C:\Users\Joe\Documents\Ginette translations.docx
[2012/03/20 20:11:22 | 000,230,189 | ---- | M] () -- C:\Users\Joe\Desktop\Ginette320.pdf
[1 C:\Users\Joe\Documents\*.tmp files -> C:\Users\Joe\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 10:02:53 | 000,016,810 | ---- | C] () -- C:\Users\Joe\Documents\e-mail to Prof. Delsol re Doctorate work.docx
[2012/04/07 16:35:36 | 000,011,703 | ---- | C] () -- C:\Users\Joe\Documents\Delsol email notes.docx
[2012/04/03 22:56:25 | 000,010,732 | ---- | C] () -- C:\Users\Joe\Documents\Injuries.docx
[2012/04/03 08:33:06 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/25 16:06:40 | 000,018,257 | ---- | C] () -- C:\Users\Joe\Documents\Ginette translations.docx
[2012/03/20 20:11:21 | 000,230,189 | ---- | C] () -- C:\Users\Joe\Desktop\Ginette320.pdf
[2011/08/19 02:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 02:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/01/15 18:33:39 | 000,021,468 | ---- | C] () -- C:\ProgramData\SlingSetup.log
[2009/12/03 12:23:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 12:22:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/08 04:14:55 | 000,000,680 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d9caps.dat
[2009/06/23 12:10:08 | 000,041,984 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/16 23:42:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/16 01:13:11 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/02/11 05:22:00 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/02/11 05:22:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/02/11 05:22:00 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/08/14 13:08:36 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 12:52:01 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/14 12:52:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/14 12:52:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/14 12:52:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/14 12:52:01 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/14 12:52:01 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== LOP Check ==========

[2009/09/29 06:08:34 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\acccore
[2010/12/02 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\BitTorrent
[2012/01/12 08:49:12 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Leadertech
[2010/08/28 12:57:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Octoshape
[2010/08/29 10:27:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ooVoo Details
[2011/01/15 18:33:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Sling Media
[2010/11/15 11:14:47 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TechWizard
[2009/08/01 12:22:23 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TOSHIBA
[2011/05/30 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Uniblue
[2009/05/21 13:30:27 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WildTangent
[2009/10/01 03:42:53 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WinBatch
[2009/07/27 08:59:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Wizards of the Coast
[2012/04/14 19:08:40 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/04/14 03:36:01 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O2 - BHO: (MakeItLive Plugin) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (MakeItLive Plugin) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
    O3 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O3 - HKU\S-1-5-21-3855902550-1182629119-1387110158-1000\..\Toolbar\WebBrowser: (MakeItLive Plugin) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
    O18:64bit: - Protocol\Handler\makeitlivechrome {51472043-0170-45F9-BCCF-19FCFC676D18} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\makeitlivechrome {51472043-0170-45F9-BCCF-19FCFC676D18} - C:\Program Files (x86)\MakeItLive\makeitlive_toolbar.dll ()
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    [1 C:\Users\Joe\Documents\*.tmp files -> C:\Users\Joe\Documents\*.tmp -> ]
    [2012/04/15 11:24:32 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2012/04/15 11:24:30 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [2010/08/29 10:27:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ooVoo Details
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\MakeItLive
    C:\Program Files (x86)\vShare
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
ace_porate

ace_porate

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Computer seems to be running fine. Did my OTL logs show something bad in there?

Here are the logs you have requested from TDSS and ComboFix.


19:59:48.0361 6040 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:59:49.0090 6040 ============================================================
19:59:49.0090 6040 Current date / time: 2012/04/15 19:59:49.0090
19:59:49.0090 6040 SystemInfo:
19:59:49.0090 6040
19:59:49.0090 6040 OS Version: 6.0.6002 ServicePack: 2.0
19:59:49.0090 6040 Product type: Workstation
19:59:49.0090 6040 ComputerName: JOE-LAPTOP
19:59:49.0091 6040 UserName: Joe
19:59:49.0091 6040 Windows directory: C:\Windows
19:59:49.0091 6040 System windows directory: C:\Windows
19:59:49.0091 6040 Running under WOW64
19:59:49.0091 6040 Processor architecture: Intel x64
19:59:49.0091 6040 Number of processors: 2
19:59:49.0091 6040 Page size: 0x1000
19:59:49.0091 6040 Boot type: Normal boot
19:59:49.0091 6040 ============================================================
19:59:49.0922 6040 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:59:49.0931 6040 \Device\Harddisk0\DR0:
19:59:49.0931 6040 MBR used
19:59:49.0931 6040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x24163000
19:59:49.0956 6040 Initialize success
19:59:49.0956 6040 ============================================================
20:00:31.0200 1636 ============================================================
20:00:31.0200 1636 Scan started
20:00:31.0200 1636 Mode: Manual; SigCheck; TDLFS;
20:00:31.0200 1636 ============================================================
20:00:32.0137 1636 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
20:00:32.0334 1636 ACPI - ok
20:00:32.0516 1636 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
20:00:32.0579 1636 adp94xx - ok
20:00:32.0756 1636 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
20:00:32.0812 1636 adpahci - ok
20:00:32.0895 1636 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
20:00:32.0935 1636 adpu160m - ok
20:00:33.0039 1636 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
20:00:33.0082 1636 adpu320 - ok
20:00:33.0208 1636 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
20:00:33.0384 1636 AeLookupSvc - ok
20:00:33.0543 1636 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
20:00:33.0661 1636 AFD - ok
20:00:33.0777 1636 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
20:00:33.0834 1636 AgereModemAudio - ok
20:00:33.0920 1636 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
20:00:34.0072 1636 AgereSoftModem - ok
20:00:34.0258 1636 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
20:00:34.0293 1636 agp440 - ok
20:00:34.0352 1636 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
20:00:34.0387 1636 aic78xx - ok
20:00:34.0463 1636 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
20:00:34.0652 1636 ALG - ok
20:00:34.0774 1636 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
20:00:34.0803 1636 aliide - ok
20:00:34.0818 1636 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
20:00:34.0846 1636 amdide - ok
20:00:34.0918 1636 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
20:00:35.0005 1636 AmdK8 - ok
20:00:35.0109 1636 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
20:00:35.0197 1636 Appinfo - ok
20:00:35.0331 1636 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:00:35.0367 1636 Apple Mobile Device - ok
20:00:35.0507 1636 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
20:00:35.0543 1636 arc - ok
20:00:35.0697 1636 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
20:00:35.0732 1636 arcsas - ok
20:00:35.0869 1636 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:35.0958 1636 AsyncMac - ok
20:00:36.0066 1636 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
20:00:36.0099 1636 atapi - ok
20:00:36.0194 1636 Ati External Event Utility (673d134d1ef8b163e181939f5611bbd4) C:\Windows\system32\Ati2evxx.exe
20:00:36.0323 1636 Ati External Event Utility - ok
20:00:36.0771 1636 atikmdag (d51496a88a183b5363ac6651ea703434) C:\Windows\system32\DRIVERS\atikmdag.sys
20:00:36.0994 1636 atikmdag - ok
20:00:37.0128 1636 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:00:37.0232 1636 AudioEndpointBuilder - ok
20:00:37.0245 1636 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
20:00:37.0298 1636 AudioSrv - ok
20:00:37.0425 1636 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
20:00:37.0515 1636 BFE - ok
20:00:37.0660 1636 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
20:00:37.0807 1636 BITS - ok
20:00:37.0924 1636 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
20:00:38.0014 1636 blbdrive - ok
20:00:38.0136 1636 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:00:38.0183 1636 Bonjour Service - ok
20:00:38.0311 1636 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
20:00:38.0385 1636 bowser - ok
20:00:38.0522 1636 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
20:00:38.0575 1636 BrFiltLo - ok
20:00:38.0597 1636 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
20:00:38.0666 1636 BrFiltUp - ok
20:00:38.0795 1636 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
20:00:38.0873 1636 Browser - ok
20:00:38.0951 1636 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
20:00:39.0195 1636 Brserid - ok
20:00:39.0322 1636 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
20:00:39.0449 1636 BrSerWdm - ok
20:00:39.0472 1636 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
20:00:39.0570 1636 BrUsbMdm - ok
20:00:39.0676 1636 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
20:00:39.0786 1636 BrUsbSer - ok
20:00:39.0883 1636 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
20:00:40.0005 1636 BTHMODEM - ok
20:00:40.0104 1636 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
20:00:40.0173 1636 cdfs - ok
20:00:40.0300 1636 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
20:00:40.0359 1636 cdrom - ok
20:00:40.0426 1636 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:00:40.0492 1636 CertPropSvc - ok
20:00:40.0604 1636 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
20:00:40.0692 1636 circlass - ok
20:00:40.0797 1636 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
20:00:40.0852 1636 CLFS - ok
20:00:40.0941 1636 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:40.0978 1636 clr_optimization_v2.0.50727_32 - ok
20:00:41.0043 1636 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:00:41.0080 1636 clr_optimization_v2.0.50727_64 - ok
20:00:41.0202 1636 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:41.0223 1636 clr_optimization_v4.0.30319_32 - ok
20:00:41.0300 1636 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:00:41.0319 1636 clr_optimization_v4.0.30319_64 - ok
20:00:41.0433 1636 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
20:00:41.0513 1636 CmBatt - ok
20:00:41.0583 1636 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
20:00:41.0611 1636 cmdide - ok
20:00:41.0679 1636 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
20:00:41.0709 1636 Compbatt - ok
20:00:41.0741 1636 COMSysApp - ok
20:00:41.0858 1636 ConfigFree Gadget Service (b9d3d216c66e0cd37478f5e5778aa35b) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
20:00:41.0901 1636 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
20:00:41.0901 1636 ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
20:00:41.0925 1636 ConfigFree Service (c508b28b9da7563634a2a2b2eef4395d) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:00:41.0988 1636 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
20:00:41.0989 1636 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
20:00:42.0122 1636 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
20:00:42.0155 1636 crcdisk - ok
20:00:42.0317 1636 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
20:00:42.0375 1636 CryptSvc - ok
20:00:42.0462 1636 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:00:42.0548 1636 DcomLaunch - ok
20:00:42.0668 1636 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
20:00:42.0737 1636 DfsC - ok
20:00:42.0943 1636 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
20:00:43.0113 1636 DFSR - ok
20:00:43.0251 1636 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
20:00:43.0313 1636 Dhcp - ok
20:00:43.0353 1636 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
20:00:43.0388 1636 disk - ok
20:00:43.0524 1636 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
20:00:43.0599 1636 Dnscache - ok
20:00:43.0649 1636 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
20:00:43.0718 1636 dot3svc - ok
20:00:43.0850 1636 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
20:00:43.0938 1636 DPS - ok
20:00:44.0028 1636 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
20:00:44.0079 1636 drmkaud - ok
20:00:44.0183 1636 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
20:00:44.0239 1636 DXGKrnl - ok
20:00:44.0369 1636 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:00:44.0462 1636 E1G60 - ok
20:00:44.0590 1636 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
20:00:44.0660 1636 EapHost - ok
20:00:44.0717 1636 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
20:00:44.0761 1636 Ecache - ok
20:00:44.0830 1636 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
20:00:44.0912 1636 ehRecvr - ok
20:00:44.0925 1636 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
20:00:44.0980 1636 ehSched - ok
20:00:45.0083 1636 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
20:00:45.0129 1636 ehstart - ok
20:00:45.0236 1636 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
20:00:45.0292 1636 elxstor - ok
20:00:45.0367 1636 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
20:00:45.0482 1636 EMDMgmt - ok
20:00:45.0598 1636 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
20:00:45.0672 1636 ErrDev - ok
20:00:45.0819 1636 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
20:00:45.0893 1636 EventSystem - ok
20:00:46.0024 1636 EvtEng (7cd2f2c63693ef90b73f5362a52cae26) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:00:46.0101 1636 EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:00:46.0101 1636 EvtEng - detected UnsignedFile.Multi.Generic (1)
20:00:46.0216 1636 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
20:00:46.0296 1636 exfat - ok
20:00:46.0412 1636 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
20:00:46.0488 1636 fastfat - ok
20:00:46.0587 1636 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
20:00:46.0668 1636 fdc - ok
20:00:46.0718 1636 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
20:00:46.0778 1636 fdPHost - ok
20:00:46.0844 1636 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
20:00:46.0949 1636 FDResPub - ok
20:00:46.0978 1636 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
20:00:47.0014 1636 FileInfo - ok
20:00:47.0076 1636 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
20:00:47.0147 1636 Filetrace - ok
20:00:47.0219 1636 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:00:47.0297 1636 flpydisk - ok
20:00:47.0340 1636 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
20:00:47.0391 1636 FltMgr - ok
20:00:47.0541 1636 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
20:00:47.0636 1636 FontCache - ok
20:00:47.0736 1636 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:00:47.0769 1636 FontCache3.0.0.0 - ok
20:00:47.0832 1636 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
20:00:47.0898 1636 Fs_Rec - ok
20:00:48.0040 1636 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
20:00:48.0092 1636 FwLnk - ok
20:00:48.0210 1636 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
20:00:48.0247 1636 gagp30kx - ok
20:00:48.0353 1636 GameConsoleService (9dcf7dfe5fdbb0a47f8ee01fe13c2876) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
20:00:48.0407 1636 GameConsoleService - ok
20:00:48.0556 1636 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:00:48.0582 1636 GEARAspiWDM - ok
20:00:48.0634 1636 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
20:00:48.0709 1636 gpsvc - ok
20:00:48.0840 1636 gupdate1c9f437248fdb60 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:00:48.0861 1636 gupdate1c9f437248fdb60 - ok
20:00:48.0884 1636 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:00:48.0903 1636 gupdatem - ok
20:00:48.0965 1636 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:00:49.0018 1636 gusvc - ok
20:00:49.0169 1636 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
20:00:49.0321 1636 HdAudAddService - ok
20:00:49.0449 1636 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:00:49.0553 1636 HDAudBus - ok
20:00:49.0664 1636 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
20:00:49.0781 1636 HidBth - ok
20:00:50.0048 1636 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
20:00:50.0154 1636 HidIr - ok
20:00:50.0217 1636 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
20:00:50.0276 1636 hidserv - ok
20:00:50.0333 1636 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
20:00:50.0397 1636 HidUsb - ok
20:00:50.0457 1636 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
20:00:50.0541 1636 hkmsvc - ok
20:00:50.0636 1636 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
20:00:50.0669 1636 HpCISSs - ok
20:00:50.0772 1636 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
20:00:50.0883 1636 HTTP - ok
20:00:50.0952 1636 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
20:00:50.0984 1636 i2omp - ok
20:00:51.0069 1636 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
20:00:51.0153 1636 i8042prt - ok
20:00:51.0264 1636 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
20:00:51.0325 1636 iaStor - ok
20:00:51.0396 1636 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
20:00:51.0447 1636 iaStorV - ok
20:00:51.0532 1636 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:00:51.0647 1636 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:00:51.0647 1636 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:00:51.0821 1636 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:00:51.0897 1636 idsvc - ok
20:00:52.0091 1636 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
20:00:52.0139 1636 IHA_MessageCenter - ok
20:00:52.0275 1636 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
20:00:52.0306 1636 iirsp - ok
20:00:52.0346 1636 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
20:00:52.0429 1636 IKEEXT - ok
20:00:52.0630 1636 IntcAzAudAddService (1835b384d2d66752ed1460e9085230bd) C:\Windows\system32\drivers\RTKVHD64.sys
20:00:52.0732 1636 IntcAzAudAddService - ok
20:00:52.0882 1636 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
20:00:52.0914 1636 intelide - ok
20:00:52.0935 1636 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
20:00:52.0993 1636 intelppm - ok
20:00:53.0079 1636 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
20:00:53.0164 1636 IPBusEnum - ok
20:00:53.0221 1636 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:53.0289 1636 IpFilterDriver - ok
20:00:53.0411 1636 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
20:00:53.0489 1636 iphlpsvc - ok
20:00:53.0586 1636 IpInIp - ok
20:00:53.0630 1636 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
20:00:53.0730 1636 IPMIDRV - ok
20:00:53.0840 1636 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
20:00:53.0929 1636 IPNAT - ok
20:00:54.0012 1636 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:00:54.0082 1636 iPod Service - ok
20:00:54.0252 1636 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
20:00:54.0327 1636 IRENUM - ok
20:00:54.0459 1636 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
20:00:54.0492 1636 isapnp - ok
20:00:54.0531 1636 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
20:00:54.0558 1636 iScsiPrt - ok
20:00:54.0655 1636 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
20:00:54.0686 1636 iteatapi - ok
20:00:54.0745 1636 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
20:00:54.0775 1636 iteraid - ok
20:00:54.0798 1636 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
20:00:54.0835 1636 kbdclass - ok
20:00:54.0903 1636 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
20:00:54.0963 1636 kbdhid - ok
20:00:55.0026 1636 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:00:55.0096 1636 KeyIso - ok
20:00:55.0211 1636 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
20:00:55.0297 1636 KR10I64 - ok
20:00:55.0398 1636 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
20:00:55.0453 1636 KR10N64 - ok
20:00:55.0514 1636 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
20:00:55.0582 1636 KSecDD - ok
20:00:55.0695 1636 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
20:00:55.0776 1636 ksthunk - ok
20:00:55.0817 1636 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
20:00:55.0951 1636 KtmRm - ok
20:00:56.0075 1636 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
20:00:56.0141 1636 LanmanServer - ok
20:00:56.0292 1636 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
20:00:56.0360 1636 LanmanWorkstation - ok
20:00:56.0407 1636 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
20:00:56.0501 1636 lltdio - ok
20:00:56.0612 1636 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
20:00:56.0713 1636 lltdsvc - ok
20:00:56.0744 1636 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
20:00:56.0817 1636 lmhosts - ok
20:00:56.0919 1636 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
20:00:56.0957 1636 LSI_FC - ok
20:00:56.0979 1636 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
20:00:57.0018 1636 LSI_SAS - ok
20:00:57.0040 1636 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
20:00:57.0080 1636 LSI_SCSI - ok
20:00:57.0186 1636 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
20:00:57.0282 1636 luafv - ok
20:00:57.0338 1636 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:00:57.0368 1636 LVPr2M64 - ok
20:00:57.0373 1636 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:00:57.0389 1636 LVPr2Mon - ok
20:00:57.0440 1636 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
20:00:57.0458 1636 LVPrcS64 - ok
20:00:57.0629 1636 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
20:00:57.0678 1636 LVRS64 - ok
20:00:57.0850 1636 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:00:58.0270 1636 LVUVC64 - ok
20:00:58.0375 1636 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
20:00:58.0449 1636 McciCMService ( UnsignedFile.Multi.Generic ) - warning
20:00:58.0449 1636 McciCMService - detected UnsignedFile.Multi.Generic (1)
20:00:58.0506 1636 McciCMService64 (859e5a32485178daeca06b52e2bb44b2) C:\Program Files\Common Files\Motive\McciCMService.exe
20:00:58.0582 1636 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
20:00:58.0582 1636 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
20:00:58.0681 1636 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
20:00:58.0714 1636 Mcx2Svc - ok
20:00:58.0784 1636 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
20:00:58.0816 1636 megasas - ok
20:00:58.0911 1636 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
20:00:58.0968 1636 MegaSR - ok
20:00:58.0997 1636 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:00:59.0083 1636 MMCSS - ok
20:00:59.0189 1636 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
20:00:59.0247 1636 Modem - ok
20:00:59.0272 1636 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
20:00:59.0333 1636 monitor - ok
20:00:59.0352 1636 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
20:00:59.0387 1636 mouclass - ok
20:00:59.0530 1636 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
20:00:59.0618 1636 mouhid - ok
20:00:59.0644 1636 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:00:59.0678 1636 MountMgr - ok
20:00:59.0814 1636 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
20:00:59.0859 1636 mpio - ok
20:00:59.0885 1636 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:00:59.0958 1636 mpsdrv - ok
20:01:00.0059 1636 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
20:01:00.0139 1636 MpsSvc - ok
20:01:00.0199 1636 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:01:00.0229 1636 Mraid35x - ok
20:01:00.0312 1636 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
20:01:00.0345 1636 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
20:01:00.0345 1636 MREMP50 - detected UnsignedFile.Multi.Generic (1)
20:01:00.0370 1636 MREMP50a64 - ok
20:01:00.0379 1636 MREMPR5 - ok
20:01:00.0386 1636 MRENDIS5 - ok
20:01:00.0441 1636 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
20:01:00.0469 1636 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
20:01:00.0470 1636 MRESP50 - detected UnsignedFile.Multi.Generic (1)
20:01:00.0475 1636 MRESP50a64 - ok
20:01:00.0594 1636 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
20:01:00.0639 1636 MRxDAV - ok
20:01:00.0694 1636 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:00.0759 1636 mrxsmb - ok
20:01:00.0896 1636 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:00.0964 1636 mrxsmb10 - ok
20:01:01.0006 1636 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:01.0056 1636 mrxsmb20 - ok
20:01:01.0161 1636 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
20:01:01.0192 1636 msahci - ok
20:01:01.0220 1636 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
20:01:01.0258 1636 msdsm - ok
20:01:01.0293 1636 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
20:01:01.0374 1636 MSDTC - ok
20:01:01.0485 1636 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:01:01.0569 1636 Msfs - ok
20:01:01.0711 1636 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:01:01.0740 1636 msisadrv - ok
20:01:01.0778 1636 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
20:01:01.0869 1636 MSiSCSI - ok
20:01:01.0939 1636 msiserver - ok
20:01:01.0989 1636 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:01:02.0073 1636 MSKSSRV - ok
20:01:02.0206 1636 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:02.0286 1636 MSPCLOCK - ok
20:01:02.0305 1636 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:01:02.0388 1636 MSPQM - ok
20:01:02.0502 1636 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
20:01:02.0550 1636 MsRPC - ok
20:01:02.0588 1636 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:01:02.0610 1636 mssmbios - ok
20:01:02.0708 1636 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:01:02.0782 1636 MSTEE - ok
20:01:02.0821 1636 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
20:01:02.0855 1636 Mup - ok
20:01:02.0959 1636 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
20:01:03.0031 1636 napagent - ok
20:01:03.0175 1636 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
20:01:03.0239 1636 NativeWifiP - ok
20:01:03.0400 1636 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
20:01:03.0445 1636 NDIS - ok
20:01:03.0573 1636 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:03.0644 1636 NdisTapi - ok
20:01:03.0663 1636 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:03.0743 1636 Ndisuio - ok
20:01:03.0845 1636 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:03.0913 1636 NdisWan - ok
20:01:03.0954 1636 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:01:04.0022 1636 NDProxy - ok
20:01:04.0123 1636 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:01:04.0206 1636 NetBIOS - ok
20:01:04.0250 1636 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
20:01:04.0322 1636 netbt - ok
20:01:04.0427 1636 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:01:04.0449 1636 Netlogon - ok
20:01:04.0487 1636 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
20:01:04.0553 1636 Netman - ok
20:01:04.0618 1636 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
20:01:04.0708 1636 netprofm - ok
20:01:04.0775 1636 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:01:04.0816 1636 NetTcpPortSharing - ok
20:01:05.0031 1636 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys
20:01:05.0364 1636 NETw5v64 - ok
20:01:05.0474 1636 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:01:05.0504 1636 nfrd960 - ok
20:01:05.0537 1636 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
20:01:05.0606 1636 NlaSvc - ok
20:01:05.0719 1636 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
20:01:05.0787 1636 Npfs - ok
20:01:05.0867 1636 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
20:01:05.0946 1636 nsi - ok
20:01:05.0994 1636 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:01:06.0073 1636 nsiproxy - ok
20:01:06.0198 1636 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
20:01:06.0342 1636 Ntfs - ok
20:01:06.0501 1636 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:01:06.0567 1636 Null - ok
20:01:06.0593 1636 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
20:01:06.0636 1636 nvraid - ok
20:01:06.0659 1636 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
20:01:06.0693 1636 nvstor - ok
20:01:06.0803 1636 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
20:01:06.0843 1636 nv_agp - ok
20:01:06.0853 1636 NwlnkFlt - ok
20:01:06.0868 1636 NwlnkFwd - ok
20:01:07.0001 1636 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:01:07.0066 1636 odserv - ok
20:01:07.0196 1636 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
20:01:07.0238 1636 ohci1394 - ok
20:01:07.0339 1636 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:01:07.0384 1636 ose - ok
20:01:07.0594 1636 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:01:07.0716 1636 p2pimsvc - ok
20:01:07.0737 1636 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:01:07.0807 1636 p2psvc - ok
20:01:07.0976 1636 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
20:01:08.0092 1636 Parport - ok
20:01:08.0244 1636 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
20:01:08.0279 1636 partmgr - ok
20:01:08.0335 1636 PCAMp50a64 - ok
20:01:08.0410 1636 PCASp50a64 - ok
20:01:08.0453 1636 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
20:01:08.0516 1636 PcaSvc - ok
20:01:08.0627 1636 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
20:01:08.0658 1636 pci - ok
20:01:08.0695 1636 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
20:01:08.0723 1636 pciide - ok
20:01:08.0838 1636 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
20:01:08.0884 1636 pcmcia - ok
20:01:08.0947 1636 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:01:09.0130 1636 PEAUTH - ok
20:01:09.0226 1636 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
20:01:09.0318 1636 PerfHost - ok
20:01:09.0470 1636 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
20:01:09.0589 1636 pla - ok
20:01:09.0695 1636 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
20:01:09.0755 1636 PlugPlay - ok
20:01:09.0816 1636 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:01:09.0882 1636 PNRPAutoReg - ok
20:01:09.0914 1636 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:01:09.0957 1636 PNRPsvc - ok
20:01:10.0073 1636 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
20:01:10.0194 1636 PolicyAgent - ok
20:01:10.0242 1636 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
20:01:10.0314 1636 PptpMiniport - ok
20:01:10.0422 1636 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
20:01:10.0491 1636 Processor - ok
20:01:10.0543 1636 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
20:01:10.0589 1636 ProfSvc - ok
20:01:10.0705 1636 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:01:10.0727 1636 ProtectedStorage - ok
20:01:10.0760 1636 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
20:01:10.0803 1636 PSched - ok
20:01:10.0952 1636 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
20:01:11.0048 1636 ql2300 - ok
20:01:11.0173 1636 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
20:01:11.0210 1636 ql40xx - ok
20:01:11.0263 1636 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
20:01:11.0322 1636 QWAVE - ok
20:01:11.0432 1636 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
20:01:11.0471 1636 QWAVEdrv - ok
20:01:11.0500 1636 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
20:01:11.0572 1636 RasAcd - ok
20:01:11.0684 1636 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
20:01:11.0761 1636 RasAuto - ok
20:01:11.0815 1636 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:11.0891 1636 Rasl2tp - ok
20:01:11.0977 1636 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
20:01:12.0055 1636 RasMan - ok
20:01:12.0098 1636 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:12.0176 1636 RasPppoe - ok
20:01:12.0363 1636 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
20:01:12.0425 1636 RasSstp - ok
20:01:12.0545 1636 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
20:01:12.0613 1636 rdbss - ok
20:01:12.0746 1636 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:12.0811 1636 RDPCDD - ok
20:01:12.0878 1636 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
20:01:13.0026 1636 rdpdr - ok
20:01:13.0113 1636 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
20:01:13.0179 1636 RDPENCDD - ok
20:01:13.0339 1636 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
20:01:13.0421 1636 RDPWD - ok
20:01:13.0570 1636 RegSrvc (7a917120a62bcf2883fdd5c352447556) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:01:13.0647 1636 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:01:13.0647 1636 RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:01:13.0791 1636 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
20:01:13.0899 1636 RemoteAccess - ok
20:01:13.0954 1636 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
20:01:14.0045 1636 RemoteRegistry - ok
20:01:14.0216 1636 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:01:14.0292 1636 rimmptsk - ok
20:01:14.0334 1636 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
20:01:14.0398 1636 rimsptsk - ok
20:01:14.0531 1636 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:01:14.0574 1636 rismxdp - ok
20:01:14.0603 1636 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
20:01:14.0665 1636 RpcLocator - ok
20:01:14.0764 1636 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:01:14.0824 1636 RpcSs - ok
20:01:14.0868 1636 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
20:01:14.0945 1636 rspndr - ok
20:01:15.0055 1636 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys
20:01:15.0092 1636 RTHDMIAzAudService - ok
20:01:15.0143 1636 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys
20:01:15.0263 1636 RTL8169 - ok
20:01:15.0472 1636 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:01:15.0494 1636 SamSs - ok
20:01:15.0556 1636 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
20:01:15.0589 1636 sbp2port - ok
20:01:15.0737 1636 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
20:01:15.0823 1636 SCardSvr - ok
20:01:15.0938 1636 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
20:01:16.0051 1636 Schedule - ok
20:01:16.0150 1636 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:01:16.0193 1636 SCPolicySvc - ok
20:01:16.0291 1636 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
20:01:16.0447 1636 sdbus - ok
20:01:16.0615 1636 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
20:01:16.0689 1636 SDRSVC - ok
20:01:16.0738 1636 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:01:16.0854 1636 secdrv - ok
20:01:17.0023 1636 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
20:01:17.0132 1636 seclogon - ok
20:01:17.0178 1636 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
20:01:17.0281 1636 SENS - ok
20:01:17.0427 1636 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
20:01:17.0551 1636 Serenum - ok
20:01:17.0589 1636 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
20:01:17.0726 1636 Serial - ok
20:01:17.0848 1636 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:01:17.0938 1636 sermouse - ok
20:01:17.0984 1636 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
20:01:18.0057 1636 SessionEnv - ok
20:01:18.0147 1636 SfCtlCom (52c525bf4d78125a5064d0d1705f04b6) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
20:01:18.0190 1636 SfCtlCom - ok
20:01:18.0338 1636 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
20:01:18.0427 1636 sffdisk - ok
20:01:18.0461 1636 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
20:01:18.0544 1636 sffp_mmc - ok
20:01:18.0712 1636 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
20:01:18.0808 1636 sffp_sd - ok
20:01:18.0838 1636 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:01:18.0935 1636 sfloppy - ok
20:01:19.0043 1636 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
20:01:19.0127 1636 SharedAccess - ok
20:01:19.0253 1636 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
20:01:19.0330 1636 ShellHWDetection - ok
20:01:19.0493 1636 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
20:01:19.0525 1636 SiSRaid2 - ok
20:01:19.0562 1636 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
20:01:19.0596 1636 SiSRaid4 - ok
20:01:19.0704 1636 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:01:20.0385 1636 SkypeUpdate - ok
20:01:20.0919 1636 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
20:01:21.0055 1636 slsvc - ok
20:01:21.0153 1636 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
20:01:21.0218 1636 SLUINotify - ok
20:01:21.0321 1636 SmartFaceVWatchSrv (79ed2d6dec26e0fefb93ea21f09e6a51) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
20:01:21.0386 1636 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
20:01:21.0386 1636 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
20:01:21.0510 1636 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
20:01:21.0590 1636 Smb - ok
20:01:21.0698 1636 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
20:01:21.0725 1636 SNMPTRAP - ok
20:01:21.0769 1636 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
20:01:21.0801 1636 spldr - ok
20:01:21.0913 1636 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
20:01:21.0990 1636 Spooler - ok
20:01:22.0060 1636 sprtsvc_verizondm - ok
20:01:22.0190 1636 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
20:01:22.0286 1636 srv - ok
20:01:22.0442 1636 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
20:01:22.0514 1636 srv2 - ok
20:01:22.0654 1636 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
20:01:22.0697 1636 srvnet - ok
20:01:22.0736 1636 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
20:01:22.0811 1636 SSDPSRV - ok
20:01:22.0932 1636 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
20:01:22.0958 1636 SstpSvc - ok
20:01:23.0000 1636 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
20:01:23.0067 1636 stisvc - ok
20:01:23.0129 1636 SVRPEDRV - ok
20:01:23.0205 1636 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
20:01:23.0233 1636 swenum - ok
20:01:23.0306 1636 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
20:01:23.0391 1636 swprv - ok
20:01:23.0476 1636 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
20:01:23.0515 1636 Symc8xx - ok
20:01:23.0585 1636 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
20:01:23.0624 1636 Sym_hi - ok
20:01:23.0699 1636 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
20:01:23.0730 1636 Sym_u3 - ok
20:01:23.0804 1636 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
20:01:23.0849 1636 SynTP - ok
20:01:23.0935 1636 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
20:01:24.0089 1636 SysMain - ok
20:01:24.0190 1636 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
20:01:24.0237 1636 TabletInputService - ok
20:01:24.0276 1636 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
20:01:24.0339 1636 TapiSrv - ok
20:01:24.0429 1636 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
20:01:24.0489 1636 TBS - ok
20:01:24.0595 1636 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
20:01:24.0701 1636 Tcpip - ok
20:01:24.0860 1636 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
20:01:24.0929 1636 Tcpip6 - ok
20:01:25.0046 1636 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
20:01:25.0121 1636 tcpipreg - ok
20:01:25.0260 1636 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:01:25.0287 1636 tdcmdpst - ok
20:01:25.0316 1636 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
20:01:25.0397 1636 TDPIPE - ok
20:01:25.0473 1636 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
20:01:25.0553 1636 TDTCP - ok
20:01:25.0606 1636 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
20:01:25.0680 1636 tdx - ok
20:01:25.0777 1636 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
20:01:25.0810 1636 TermDD - ok
20:01:25.0858 1636 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
20:01:25.0985 1636 TermService - ok
20:01:26.0060 1636 tgsrvc_verizondm - ok
20:01:26.0164 1636 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
20:01:26.0192 1636 Themes - ok
20:01:26.0220 1636 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:01:26.0278 1636 THREADORDER - ok
20:01:26.0427 1636 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:01:26.0444 1636 TMachInfo - ok
20:01:26.0543 1636 TMBMServer (963c903e5176c5cdcae321d48635b21f) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
20:01:26.0575 1636 TMBMServer - ok
20:01:26.0679 1636 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
20:01:26.0720 1636 tmlwf - ok
20:01:26.0814 1636 TmPfw (c52867f238ef1aafcd35f8d134b8ab10) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
20:01:26.0852 1636 TmPfw - ok
20:01:26.0957 1636 tmpreflt (1889f49a828b1cf0e2866cdd325875b0) C:\Windows\system32\DRIVERS\tmpreflt.sys
20:01:26.0986 1636 tmpreflt - ok
20:01:27.0089 1636 TmProxy (3ae913b4fbf06ee49831ff9db2330830) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
20:01:27.0156 1636 TmProxy - ok
20:01:27.0302 1636 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
20:01:27.0320 1636 tmtdi - ok
20:01:27.0361 1636 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
20:01:27.0421 1636 tmwfp - ok
20:01:27.0600 1636 tmxpflt (8b97ba7e28bd39a2bc4a2bb66a83fec0) C:\Windows\system32\DRIVERS\tmxpflt.sys
20:01:27.0658 1636 tmxpflt - ok
20:01:27.0790 1636 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:01:27.0832 1636 TNaviSrv - ok
20:01:27.0959 1636 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
20:01:28.0007 1636 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
20:01:28.0007 1636 TODDSrv - detected UnsignedFile.Multi.Generic (1)
20:01:28.0096 1636 TosCoSrv (e17a81e6ad0e89630a3b0f2ed5cbbdf5) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:01:28.0143 1636 TosCoSrv - ok
20:01:28.0281 1636 TOSHIBA Bluetooth Service (4e5a8546709591d31ba086ca2a69cecd) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
20:01:28.0319 1636 TOSHIBA Bluetooth Service - ok
20:01:28.0396 1636 TOSHIBA SMART Log Service (19d979b9f6373a7cb17ebb7594feb819) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
20:01:28.0436 1636 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
20:01:28.0436 1636 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
20:01:28.0554 1636 Tosrfcom - ok
20:01:28.0599 1636 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys
20:01:28.0670 1636 tosrfec - ok
20:01:28.0788 1636 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
20:01:28.0843 1636 tos_sps64 - ok
20:01:28.0883 1636 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
20:01:28.0953 1636 TrkWks - ok
20:01:29.0034 1636 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
20:01:29.0102 1636 TrustedInstaller - ok
20:01:29.0166 1636 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:29.0236 1636 tssecsrv - ok
20:01:29.0306 1636 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
20:01:29.0351 1636 tunmp - ok
20:01:29.0428 1636 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
20:01:29.0472 1636 tunnel - ok
20:01:29.0611 1636 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:01:29.0637 1636 TVALZ - ok
20:01:29.0681 1636 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
20:01:29.0717 1636 uagp35 - ok
20:01:29.0839 1636 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
20:01:29.0915 1636 udfs - ok
20:01:30.0000 1636 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
20:01:30.0087 1636 UI0Detect - ok
20:01:30.0197 1636 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:01:30.0263 1636 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
20:01:30.0263 1636 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
20:01:30.0367 1636 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
20:01:30.0403 1636 uliagpkx - ok
20:01:30.0433 1636 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
20:01:30.0479 1636 uliahci - ok
20:01:30.0590 1636 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
20:01:30.0627 1636 UlSata - ok
20:01:30.0656 1636 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
20:01:30.0698 1636 ulsata2 - ok
20:01:30.0788 1636 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
20:01:30.0856 1636 umbus - ok
20:01:30.0963 1636 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
20:01:31.0027 1636 UMVPFSrv - ok
20:01:31.0126 1636 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
20:01:31.0237 1636 upnphost - ok
20:01:31.0379 1636 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:01:31.0407 1636 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
20:01:31.0407 1636 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
20:01:31.0457 1636 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
20:01:31.0524 1636 usbaudio - ok
20:01:31.0663 1636 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:31.0735 1636 usbccgp - ok
20:01:31.0776 1636 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
20:01:31.0887 1636 usbcir - ok
20:01:32.0007 1636 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
20:01:32.0066 1636 usbehci - ok
20:01:32.0109 1636 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
20:01:32.0192 1636 usbhub - ok
20:01:32.0232 1636 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
20:01:32.0346 1636 usbohci - ok
20:01:32.0447 1636 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
20:01:32.0556 1636 usbprint - ok
20:01:32.0599 1636 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:32.0676 1636 USBSTOR - ok
20:01:32.0788 1636 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
20:01:32.0842 1636 usbuhci - ok
20:01:32.0896 1636 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
20:01:32.0980 1636 usbvideo - ok
20:01:33.0110 1636 UVCFTR (56ed086f1300ecb1e6f67ac43955e5e9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
20:01:33.0137 1636 UVCFTR - ok
20:01:33.0165 1636 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
20:01:33.0218 1636 UxSms - ok
20:01:33.0261 1636 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
20:01:33.0358 1636 vds - ok
20:01:33.0481 1636 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:33.0566 1636 vga - ok
20:01:33.0655 1636 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
20:01:33.0736 1636 VgaSave - ok
20:01:33.0765 1636 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
20:01:33.0793 1636 viaide - ok
20:01:33.0827 1636 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
20:01:33.0862 1636 volmgr - ok
20:01:33.0975 1636 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
20:01:34.0057 1636 volmgrx - ok
20:01:34.0106 1636 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
20:01:34.0163 1636 volsnap - ok
20:01:34.0343 1636 vsapint (3a5862d9a4fe4bbb2ffa1700e2b21b9b) C:\Windows\system32\DRIVERS\vsapint.sys
20:01:34.0471 1636 vsapint - ok
20:01:34.0584 1636 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
20:01:34.0625 1636 vsmraid - ok
20:01:34.0693 1636 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
20:01:34.0847 1636 VSS - ok
20:01:34.0948 1636 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
20:01:35.0035 1636 W32Time - ok
20:01:35.0089 1636 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
20:01:35.0207 1636 WacomPen - ok
20:01:35.0293 1636 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:35.0370 1636 Wanarp - ok
20:01:35.0376 1636 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:35.0423 1636 Wanarpv6 - ok
20:01:35.0468 1636 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
20:01:35.0571 1636 wcncsvc - ok
20:01:35.0664 1636 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
20:01:35.0730 1636 WcsPlugInService - ok
20:01:35.0786 1636 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
20:01:35.0818 1636 Wd - ok
20:01:35.0932 1636 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
20:01:36.0014 1636 Wdf01000 - ok
20:01:36.0051 1636 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:01:36.0124 1636 WdiServiceHost - ok
20:01:36.0129 1636 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:01:36.0190 1636 WdiSystemHost - ok
20:01:36.0291 1636 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
20:01:36.0353 1636 WebClient - ok
20:01:36.0416 1636 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
20:01:36.0482 1636 Wecsvc - ok
20:01:36.0576 1636 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
20:01:36.0631 1636 wercplsupport - ok
20:01:36.0657 1636 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
20:01:36.0733 1636 WerSvc - ok
20:01:36.0847 1636 WinDefend - ok
20:01:36.0858 1636 WinHttpAutoProxySvc - ok
20:01:36.0993 1636 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
20:01:37.0060 1636 Winmgmt - ok
20:01:37.0245 1636 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
20:01:37.0418 1636 WinRM - ok
20:01:37.0597 1636 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
20:01:37.0670 1636 Wlansvc - ok
20:01:37.0781 1636 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
20:01:37.0855 1636 WmiAcpi - ok
20:01:37.0923 1636 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
20:01:37.0989 1636 wmiApSrv - ok
20:01:38.0049 1636 WMPNetworkSvc - ok
20:01:38.0141 1636 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
20:01:38.0217 1636 WPCSvc - ok
20:01:38.0246 1636 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
20:01:38.0312 1636 WPDBusEnum - ok
20:01:38.0454 1636 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
20:01:38.0520 1636 WpdUsb - ok
20:01:38.0707 1636 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:01:38.0781 1636 WPFFontCache_v0400 - ok
20:01:38.0904 1636 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
20:01:38.0983 1636 ws2ifsl - ok
20:01:39.0082 1636 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
20:01:39.0110 1636 wscsvc - ok
20:01:39.0120 1636 WSearch - ok
20:01:39.0245 1636 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
20:01:39.0387 1636 wuauserv - ok
20:01:39.0579 1636 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:39.0675 1636 WUDFRd - ok
20:01:39.0715 1636 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
20:01:39.0784 1636 wudfsvc - ok
20:01:39.0805 1636 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:01:40.0871 1636 \Device\Harddisk0\DR0 - ok
20:01:40.0909 1636 Boot (0x1200) (cbd7e6e66978af127db4f226ee041575) \Device\Harddisk0\DR0\Partition0
20:01:40.0911 1636 \Device\Harddisk0\DR0\Partition0 - ok
20:01:40.0911 1636 ============================================================
20:01:40.0911 1636 Scan finished
20:01:40.0911 1636 ============================================================
20:01:40.0927 6004 Detected object count: 14
20:01:40.0927 6004 Actual detected object count: 14
20:02:06.0225 6004 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0225 6004 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0228 6004 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0228 6004 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0231 6004 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0231 6004 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0231 6004 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0231 6004 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0234 6004 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0234 6004 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0237 6004 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0237 6004 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0240 6004 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0240 6004 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0242 6004 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0242 6004 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0245 6004 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0245 6004 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0248 6004 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0248 6004 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0248 6004 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0248 6004 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0251 6004 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0251 6004 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0254 6004 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0254 6004 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:06.0257 6004 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:06.0257 6004 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:41.0149 4820 Deinitialize success



ComboFix 12-04-15.02 - Joe 04/15/2012 20:08:08.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2684 [GMT -7:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 03:20 . 2012-04-16 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 02:33 . 2012-04-16 02:33 -------- d-----w- C:\_OTL
2012-04-14 10:06 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-14 10:05 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 10:05 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 10:05 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 10:05 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 10:05 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-14 10:05 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-14 10:05 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 03:35 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 03:35 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-03 15:32 . 2012-04-03 15:32 -------- d-----w- c:\program files\iPod
2012-04-03 15:31 . 2012-04-03 15:33 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 18:56 . 2012-03-02 18:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 16:49 . 2012-03-14 16:57 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 16:57 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 16:57 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 16:57 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 16:57 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 16:57 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 16:57 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 16:57 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 16:57 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 16:57 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-02 15:34 . 2012-03-14 16:57 2765824 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]
"Octoshape Streaming Services"="c:\users\Joe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2010-09-02 206120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-23 19:16]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-23 19:16]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-30 20:44]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-30 20:44]
.
2012-04-16 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 3432448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.wallstreetjournal.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\o8ji4pw8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-MakeItLive - c:\program files (x86)\MakeItLive\UNINSTALL.exe
AddRemove-vShare - c:\program files (x86)\vShare\UNINSTALL.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe
c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe
.
**************************************************************************
.
Completion time: 2012-04-15 20:41:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 03:41
.
Pre-Run: 113,368,711,168 bytes free
Post-Run: 113,243,619,328 bytes free
.
- - End Of File - - 5F294D00DDEEB81914182923109388C9
  • 0

#6
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your OTL log showed some shady toolbars, which are removed now, but nothing too serious.

If you haven't done so already, I suggest you change the password of your email account.




Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#7
ace_porate

ace_porate

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Everything seems to be running fine now, Gammo. Thank you for your help.

Cheers,
Ace
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP