Cleaning computer for a friend, found ZeroAccess, root.mbr, browser redirects


This topic is locked
11 replies to this topic

#1 Ralph {IA2}


Posted 31 May 2013 - 04:54 PM

Hello there,

A friend of mine said that her computer had been acting up, so she was planning on taking it to Best Buy to let the Geek Squad take a look at it and fix it. I've had problems with the Geek Squad's service in the past, so I offered to take a look at her computer for her, and if what I found was beyond what I could do then she could take it in. First thing I noticed was a lot of programs on startup, but that's easy enough to fix. Went to the browser (IE at the time) to grab AVG and MBAM, and noticed that the default page was set to this "Swag Bucks" site, and that there was a "Swag Bucks" toolbar on the browser as well. Decided to get Firefox first, and as soon as it was finished installing, the "Swag Bucks" toolbar installed itself on that as well. Uninstalled anything and everything that I could find with Swag or Bucks in its name, and set up multiple runs of AVG and MBAM. Once those were done, I decided that I'd check for any rootkits while I was at it, since it seemed like Swag Bucks was an easy vector for malware given that it was already redirecting to its page from any other search engine and "tracking shopping habits." It seems like it bills itself as a shopping tool that rewards you for using it, searching through it, and buying stuff from the links it provides. I installed and ran RogueKiller just to see if anything popped, and it came back with a couple of registry keys, a couple of files, and a page on how to remove ZeroAccess. Went with ComboFix next, just a simple run without modifying any parameters, and once that was finished and had done its job I re-ran RogueKiller. Again the registry keys popped, no files this time; however, instead of ZeroAccess flashing up on the screen, this time it said root.mbr. I've since installed System Mechanic, not to get rid of what is already there, but to help keep it clean once this gunk has been removed. Set the computer to run a defrag and left for the night.
Came back, things seemed normal at first, then while browsing on Firefox a window opened in IE that went to a searchconduit site, then redirected to my Google calendar. Figured it was time to admit that I don't know enough to kill this thing for good, so I decided to bring it here, since I've had help cleaning rootkits from here before. Any help would be much appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by Nancy Marie at 10:52:46 on 2013-05-31
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3963.1970 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iolo\System Mechanic\SysMech.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/calendar/render?tab=wc
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/free-trial-peggle-deluxe/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.3 8.26.56.26 8.20.247.20
TCP: Interfaces\{B7E451D8-A669-423C-866C-BF5CCE869454} : DHCPNameServer = 192.168.1.3 8.26.56.26 8.20.247.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Gacela: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [lxdxmon.exe] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nancy Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3x2rc9xb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://host.serverdomain.net:2096/?login_theme=cpanel
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-8 55856]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-10-22 504912]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-5-28 30752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-5-28 1072664]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-5-28 82160]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-18 8704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdxserv.exe [2011-6-27 29184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-10-26 89920]
S4 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2010-10-22 954368]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-18 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-18 237568]
S4 lxdx_device;lxdx_device;C:\Windows\System32\lxdxcoms.exe -service --> C:\Windows\System32\lxdxcoms.exe -service [?]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-05-29 16:25:46    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-29 16:25:46    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-29 05:29:00    74703    ----a-w-    C:\Windows\SysWow64\mfc45.dat
2013-05-28 19:52:42    17613192    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-22 05:08:42    57584    ----a-w-    C:\Windows\System32\iolobtdfg.exe
2013-05-22 05:08:34    26184    ----a-w-    C:\Windows\System32\smrgdf.exe
2013-05-22 04:48:10    2155688    ----a-w-    C:\Windows\System32\Incinerator64.dll
2013-05-22 04:48:08    2097472    ----a-w-    C:\Windows\SysWow64\Incinerator32.dll
2013-05-05 21:36:54    17818624    ----a-w-    C:\Windows\System32\mshtml.dll
2013-05-05 21:16:13    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-05 19:25:43    12324864    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-05-05 19:12:55    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-03 21:15:58    75016696    ----a-w-    C:\Windows\System32\mrt.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-15 14:17:12    901496    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-04-09 01:55:57    2774016    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 01:19:09    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:01:06    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:58:59    237056    ----a-w-    C:\Windows\System32\url.dll
2013-04-05 00:57:27    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:57    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-05 00:54:50    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-04-05 00:54:25    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-04-05 00:51:52    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-04-05 00:46:50    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:09:30    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:58    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 22:01:35    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-04-04 21:59:49    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:58:24    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-04-04 21:56:41    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-04-04 21:55:19    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-04-04 21:54:42    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-04-04 21:50:34    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-04-04 19:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-29 07:53:48    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 08:08:24    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2013-03-18 04:36:24    82160    ----a-w-    C:\Windows\System32\drivers\PDFsFilter.sys
2013-03-18 04:36:22    69000    ----a-w-    C:\Windows\System32\offreg.dll
2013-03-18 04:36:22    56200    ----a-w-    C:\Windows\SysWow64\offreg.dll
2013-03-18 04:36:16    30752    ----a-w-    C:\Windows\System32\drivers\ElRawDsk.sys
2013-03-08 04:18:52    451072    ----a-w-    C:\Windows\System32\winsrv.dll
2013-03-08 04:17:12    2425344    ----a-w-    C:\Windows\System32\mstscax.dll
2013-03-08 03:52:22    2067968    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-03-03 19:13:14    1513320    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 10:58:11.04 ===============
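As an added triage example (my own code, not part of the thread and not a feature of DDS), the script below reads the "Pseudo HJT Report" and FIREFOX sections in the format of the DDS log above and flags the items this thread turns on: Firefox search and home-page prefs pointing at search.conduit.com or the "Swag Bucks" engine, a BHO registered with no file path behind it, and BHO/handler entries DDS marks as `<orphaned>` or `<no file>`. The sample log is constructed from a subset of the entries posted above; the indicator patterns, the `warn`/`info` split and the `network.proxy.type` check are my assumptions about what is worth a second look, not anything the tool itself reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a trimmed copy of the entries in the DDS log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/calendar/render?tab=wc
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
x64-BHO: Gacela: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "warn" = act on it, "info" = leftover registry entry to tidy up
    kind: str
    line: str


# Assumed indicators: the search provider and toolbar this thread is about.
HIJACK_PATTERNS = (re.compile(r"search\.conduit\.com", re.I),
                   re.compile(r"swag\s?bucks", re.I))

# Firefox prefs that decide where searches and the home page go.
SEARCH_PREFS = {"browser.search.defaulturl", "browser.search.selectedEngine",
                "browser.startup.homepage", "keyword.URL"}

MISSING = ("<orphaned>", "<no file>")  # how DDS marks entries whose file is gone

BHO_RE = re.compile(r"^(?:x64-)?BHO: (?:(?P<name>[^{]+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<path>.*)$")
HANDLER_RE = re.compile(r"^(?:x64-)?Handler: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
START_RE = re.compile(r"^[um](?:Start Page|Default_Page_URL) = (?P<url>.*)$")


def _hijacked(value: str) -> bool:
    return any(p.search(value) for p in HIJACK_PATTERNS)


def triage(log_text: str) -> List[Finding]:
    """Walk a DDS log line by line and collect the entries worth reviewing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := BHO_RE.match(line):
            path = m.group("path").strip()
            if path in MISSING:
                findings.append(Finding("info", "bho-orphaned", line))
            elif not path:
                # A BHO registered without any file path is the odd one out.
                findings.append(Finding("warn", "bho-no-file", line))
            continue
        if m := HANDLER_RE.match(line):
            if m.group("rest").strip().endswith(MISSING):
                findings.append(Finding("info", "handler-orphaned", line))
            continue
        if m := FF_PREF_RE.match(line):
            pref, value = m.group("pref"), m.group("value").strip()
            if pref in SEARCH_PREFS and _hijacked(value):
                findings.append(Finding("warn", "search-hijack", line))
            elif pref == "network.proxy.type" and value != "0":
                # 0 means "no proxy"; anything else routes traffic elsewhere.
                findings.append(Finding("warn", "proxy-set", line))
            continue
        if m := START_RE.match(line):
            if _hijacked(m.group("url")):
                findings.append(Finding("warn", "startpage-hijack", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"warn": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.kind}: {f.line}")
    print(summarize(results))
```

On the sample this reports four `warn` entries (the Gacela BHO with no file, and the three Firefox search prefs pointing at Conduit or Swag Bucks) and two `info` entries (the orphaned BHO and handler). The `info` items are leftovers of something already removed; the `warn` items are the settings that still send searches elsewhere and are what a cleanup has to put right.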

#2 HelpBot


Posted 05 June 2013 - 04:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/496607 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop: DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Ralph {IA2}


Posted 06 June 2013 - 08:26 AM

Hey There,

 

I've kept the computer in question off for the most part since the first post, but the main problems I had noticed were: RogueKiller report of ZeroAccess and root.mbr, browser redirects on searches, random loading of Internet Explorer instance then redirecting to my Google calendar (I hadn't used any of my Google accounts with IE on this computer), failure to download two system updates, and now the "Toshiba Service Station" fails to load on boot (it says to reboot or reinstall the application to fix it, rebooting didn't help and I don't have the Toshiba disc; I'm not sure how big of a problem this is given that I don't know what Toshiba Service Station does and doesn't do, but it's one more thing that isn't doing what it should). I do not have the original Windows disc. I am including updated DDS logs as requested. Thank you for your patience!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by Nancy Marie at 8:06:01 on 2013-06-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3963.2178 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/calendar/render?tab=wc
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/free-trial-peggle-deluxe/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.3 8.26.56.26 8.20.247.20
TCP: Interfaces\{B7E451D8-A669-423C-866C-BF5CCE869454} : DHCPNameServer = 192.168.1.3 8.26.56.26 8.20.247.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Gacela: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [lxdxmon.exe] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nancy Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3x2rc9xb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://host.serverdomain.net:2096/?login_theme=cpanel
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Nancy Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-8 55856]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-10-22 504912]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-5-28 30752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-5-28 1072664]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-5-28 82160]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-18 8704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdxserv.exe [2011-6-27 29184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-10-26 89920]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
S4 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2010-10-22 954368]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-18 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-18 237568]
S4 lxdx_device;lxdx_device;C:\Windows\System32\lxdxcoms.exe -service --> C:\Windows\System32\lxdxcoms.exe -service [?]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-05-29 16:25:46    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-29 16:25:46    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-29 05:29:00    74703    ----a-w-    C:\Windows\SysWow64\mfc45.dat
2013-05-28 19:52:42    17613192    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-22 05:08:42    57584    ----a-w-    C:\Windows\System32\iolobtdfg.exe
2013-05-22 05:08:34    26184    ----a-w-    C:\Windows\System32\smrgdf.exe
2013-05-22 04:48:10    2155688    ----a-w-    C:\Windows\System32\Incinerator64.dll
2013-05-22 04:48:08    2097472    ----a-w-    C:\Windows\SysWow64\Incinerator32.dll
2013-05-05 21:36:54    17818624    ----a-w-    C:\Windows\System32\mshtml.dll
2013-05-05 21:16:13    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-05 19:25:43    12324864    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-05-05 19:12:55    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-03 21:15:58    75016696    ----a-w-    C:\Windows\System32\mrt.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-15 14:17:12    901496    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-04-09 01:55:57    2774016    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 01:19:09    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:01:06    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:58:59    237056    ----a-w-    C:\Windows\System32\url.dll
2013-04-05 00:57:27    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:57    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-05 00:54:50    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-04-05 00:54:25    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-04-05 00:51:52    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-04-05 00:46:50    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:09:30    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:58    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 22:01:35    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-04-04 21:59:49    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:58:24    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-04-04 21:56:41    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-04-04 21:55:19    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-04-04 21:54:42    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-04-04 21:50:34    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-04-04 19:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-29 07:53:48    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 08:08:24    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2013-03-18 04:36:24    82160    ----a-w-    C:\Windows\System32\drivers\PDFsFilter.sys
2013-03-18 04:36:22    69000    ----a-w-    C:\Windows\System32\offreg.dll
2013-03-18 04:36:22    56200    ----a-w-    C:\Windows\SysWow64\offreg.dll
2013-03-18 04:36:16    30752    ----a-w-    C:\Windows\System32\drivers\ElRawDsk.sys
.
============= FINISH:  8:09:43.53 ===============
Attached file: Attach 201306060813.txt (8.72KB)
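The Pseudo HJT and FIREFOX sections of the DDS log above are where the hijack actually shows: both Firefox search prefs (browser.search.defaulturl and keyword.URL) point at search.conduit.com, the selected engine is "Swag Bucks Customized Web Search", one BHO CLSID is listed as <orphaned> and the "Gacela" x64-BHO has no file, and two DPF entries reference Java 6 Update 22 and Update 06 installer cabs pulled from the web. The script below is an added example, not part of this thread and not code from DDS or any of the tools nasdaq recommends; it pulls those three indicator types out of DDS output so they do not get lost in a 200-line log. The sample lines are copied from the log above (with the Google Toolbar BHO kept as a negative case). The expected-host list, the expected-engine list (the engines a stock en-US Firefox of that era shipped with) and the Java threshold (Java SE 6 Update 45 was the last public Java 6 release) are assumptions to set for the machine being cleaned.

```python
"""Triage browser-hijack indicators in a DDS log (added example, not DDS code)."""
import re
from urllib.parse import urlparse

# --- Assumptions to set per machine (not taken from the thread) -------------
# Hosts the owner actually wants as start page / search target.
EXPECTED_HOSTS = {"www.google.com", "www.toshibadirect.com"}
# Search engines a stock en-US Firefox of that era shipped with (assumed set).
EXPECTED_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay",
                    "Twitter", "Wikipedia (en)"}
# Java SE 6 Update 45 was the last public Java 6 release; an older version in
# a DPF entry means an unpatched browser plugin was installed from the web.
MIN_JAVA = (6, 45)

# Keys whose value decides where searches and new windows go.
HIJACK_URL_KEYS = {"uStart Page", "mStart Page", "uDefault_Page_URL",
                   "mDefault_Page_URL", "browser.search.defaulturl",
                   "browser.startup.homepage", "keyword.URL"}

START_PAGE = re.compile(r"^([um](?:Start Page|Default_Page_URL)) = (.*)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
BHO = re.compile(r"^(?:x64-)?BHO: (?:(.*?): )?(\{[0-9A-Fa-f-]+\}) -\s*(.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) - (.*)$")
JAVA_CAB = re.compile(r"jinstall-1_(\d+)_0_(\d+)")

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxps://www.google.com/calendar/render?tab=wc
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-BHO: Gacela: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://host.serverdomain.net:2096/?login_theme=cpanel
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
"""


def refang(url):
    """DDS writes hxxp:// so the log cannot be clicked; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_of(url):
    return (urlparse(refang(url)).hostname or "").lower()


def triage(dds_text):
    """Return (category, identifier, detail) tuples, one per suspicious line."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = START_PAGE.match(line) or FF_PREF.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key in HIJACK_URL_KEYS:
                host = host_of(value)
                if host and host not in EXPECTED_HOSTS:
                    findings.append(("hijack", key, host))
            elif key == "browser.search.selectedEngine" and value not in EXPECTED_ENGINES:
                findings.append(("hijack", key, value))
            continue
        m = BHO.match(line)
        if m:
            name, clsid, target = m.groups()
            # "<orphaned>" (DDS) or an empty target means a CLSID is still
            # registered as a BHO but its DLL is gone: leftover to clean.
            if target in ("", "<orphaned>"):
                findings.append(("orphaned-bho", clsid, name or "<unnamed>"))
            continue
        m = DPF.match(line)
        if m:
            clsid, cab = m.groups()
            j = JAVA_CAB.search(cab)
            if j:
                major, update = int(j.group(1)), int(j.group(2))
                if (major, update) < MIN_JAVA:
                    findings.append(("old-java-dpf", clsid, f"1.{major}.0_{update:02d}"))
    return findings


if __name__ == "__main__":
    for cat, ident, detail in triage(SAMPLE_DDS):
        print(f"{cat:14} {ident:45} {detail}")
```

On the sample this reports the two Conduit search prefs, the Swag Bucks engine, the cPanel homepage (flagged only because host.serverdomain.net is not on the expected list, so "verify", not "malicious"), both BHOs with no file, and both Java 6 cabs. To run it on a real log, read the saved DDS.txt and pass its text to triage(); a clean machine returns an empty list.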



#4 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 June 2013 - 10:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#5 Ralph {IA2}
  • Topic Starter
  • Members
  • 17 posts

Posted 06 June 2013 - 05:47 PM

Hi nasdaq,

Thank you for responding. I've included the logs below. Have not noticed any browser redirects, though I haven't had it up, running, and connected to the internet that long. Toshiba System Services are still not working, and trying to install 2 Windows security updates returns error code FFFFFFFE. Not sure what the problem is there, or if that would even be malware/rootkit-related.

 

Cheers,

Ralph

 

# AdwCleaner v2.301 - Logfile created 06/06/2013 at 11:42:05
# Updated 16/05/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Nancy Marie - NANCYMARIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Nancy Marie\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Nancy Marie\AppData\Local\Conduit
Deleted on reboot : C:\Users\Nancy Marie\AppData\Local\ConduitEngine
Deleted on reboot : C:\Users\Nancy Marie\AppData\LocalLow\Conduit
File Deleted : C:\Users\Nancy Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3x2rc9xb.default\searchplugins\Conduit.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\Nancy Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3x2rc9xb.default\prefs.js

Deleted : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "Swag Bucks Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=[...]

*************************

AdwCleaner[S1].txt - [2228 octets] - [06/06/2013 11:42:05]

########## EOF - C:\AdwCleaner[S1].txt - [2288 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Nancy Marie on Thu 06/06/2013 at 11:51:10.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nancy Marie\appdata\local\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Nancy Marie\appdata\local\{1bb51f71-5cf1-7c28-3ab7-d5c029abcbb6}



~~~ FireFox

Emptied folder: C:\Users\Nancy Marie\AppData\Roaming\mozilla\firefox\profiles\3x2rc9xb.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/06/2013 at 13:28:28.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 13-06-06.04 - Nancy Marie 06/06/2013  14:26:20.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3963.2595 [GMT -5:00]
Running from: c:\users\Nancy Marie\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-06 to 2013-06-06  )))))))))))))))))))))))))))))))
.
.
2013-06-06 20:01 . 2013-06-06 20:01    --------    d-----w-    c:\users\Nancy Marie\AppData\Local\temp
2013-06-06 20:01 . 2013-06-06 20:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-06 19:08 . 2013-05-13 04:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA366DFC-E468-4EF7-B050-FB9AE3F5D9B4}\mpengine.dll
2013-06-06 16:51 . 2013-06-06 16:51    --------    d-----w-    c:\windows\ERUNT
2013-06-06 16:50 . 2013-06-06 16:50    --------    d-----w-    C:\JRT
2013-06-06 16:42 . 2013-06-06 16:42    235    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-06-03 05:51 . 2013-05-13 04:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-31 15:05 . 2013-05-22 04:48    2155688    ----a-w-    c:\windows\system32\Incinerator64.dll
2013-05-31 15:05 . 2013-05-22 04:48    2097472    ----a-w-    c:\windows\SysWow64\Incinerator32.dll
2013-05-31 15:04 . 2013-05-31 15:04    --------    d-----w-    C:\iolo
2013-05-29 22:04 . 2013-05-29 22:04    --------    d-----w-    c:\users\Nancy Marie\AppData\Roaming\Auslogics
2013-05-29 22:04 . 2013-05-29 22:04    --------    d-----w-    c:\program files (x86)\Auslogics
2013-05-29 18:55 . 2013-05-29 18:54    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B58B9E8-04F0-4E7B-BEF5-91BCB5491E8B}\gapaengine.dll
2013-05-29 05:28 . 2013-05-29 05:29    74703    ----a-w-    c:\windows\SysWow64\mfc45.dat
2013-05-28 21:48 . 2013-03-18 04:36    82160    ----a-w-    c:\windows\system32\drivers\PDFsFilter.sys
2013-05-28 21:48 . 2013-05-22 05:08    57584    ----a-w-    c:\windows\system32\iolobtdfg.exe
2013-05-28 21:48 . 2013-05-22 05:08    26184    ----a-w-    c:\windows\system32\smrgdf.exe
2013-05-28 21:48 . 2013-03-18 04:36    69000    ----a-w-    c:\windows\system32\offreg.dll
2013-05-28 21:48 . 2013-03-18 04:36    56200    ----a-w-    c:\windows\SysWow64\offreg.dll
2013-05-28 21:48 . 2013-05-28 21:48    --------    d-----w-    c:\program files (x86)\iolo
2013-05-28 21:46 . 2013-03-18 04:36    30752    ----a-w-    c:\windows\system32\drivers\ElRawDsk.sys
2013-05-28 21:45 . 2013-05-31 15:38    --------    d-----w-    c:\programdata\iolo
2013-05-28 21:45 . 2013-05-29 00:45    --------    d-----w-    c:\users\Nancy Marie\AppData\Roaming\iolo
2013-05-28 21:39 . 2013-05-28 21:39    --------    d-----w-    c:\users\Nancy Marie\AppData\Roaming\AVG2013
2013-05-28 21:37 . 2013-05-28 21:37    --------    d-----w-    c:\users\Nancy Marie\AppData\Roaming\TuneUp Software
2013-05-28 21:35 . 2013-05-28 21:35    --------    d-----w-    C:\$AVG
2013-05-28 21:35 . 2013-05-31 15:47    --------    d-----w-    c:\programdata\AVG2013
2013-05-28 21:33 . 2013-05-28 21:33    --------    d-----w-    c:\program files (x86)\AVG
2013-05-28 21:30 . 2013-06-06 16:34    --------    d-----w-    c:\programdata\MFAData
2013-05-28 21:30 . 2013-05-28 22:03    --------    d-----w-    c:\users\Nancy Marie\AppData\Local\Avg2013
2013-05-28 21:30 . 2013-05-28 21:30    --------    d--h--w-    c:\programdata\Common Files
2013-05-28 21:30 . 2013-05-28 21:30    --------    d-----w-    c:\users\Nancy Marie\AppData\Local\MFAData
2013-05-28 21:28 . 2013-05-28 21:28    --------    d-----w-    c:\users\Nancy Marie\AppData\Roaming\Malwarebytes
2013-05-28 21:27 . 2013-05-28 21:27    --------    d-----w-    c:\programdata\Malwarebytes
2013-05-28 21:27 . 2013-05-28 21:28    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-28 21:27 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-28 20:33 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-05-28 20:33 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-05-28 20:33 . 2009-07-14 12:19    20480    ----a-w-    c:\windows\system32\winusb.dll
2013-05-28 20:33 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-05-28 20:33 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-05-28 20:33 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-05-28 20:33 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-05-28 20:33 . 2009-07-14 12:12    16896    ----a-w-    c:\windows\SysWow64\winusb.dll
2013-05-28 20:33 . 2012-07-26 04:55    785512    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-05-28 20:33 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-05-28 20:33 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-05-28 20:33 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2013-05-28 20:33 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-05-28 20:17 . 2013-05-28 20:17    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-05-28 20:17 . 2013-05-28 20:17    588728    ----a-w-    c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-05-28 20:17 . 2013-05-28 20:17    129976    ----a-w-    c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-05-28 20:17 . 2013-05-28 20:17    157352    ----a-w-    c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-05-28 20:17 . 2013-05-28 20:17    43960    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-05-28 20:13 . 2013-05-28 20:13    --------    d-----w-    c:\users\Nancy Marie\AppData\Local\Macromedia
2013-05-28 20:03 . 2013-05-28 20:03    --------    d-----w-    c:\program files\iPod
2013-05-28 20:03 . 2013-05-28 20:05    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-28 20:03 . 2013-05-28 20:04    --------    d-----w-    c:\program files\iTunes
2013-05-28 20:03 . 2013-05-28 20:04    --------    d-----w-    c:\program files (x86)\iTunes
2013-05-28 20:01 . 2013-05-05 21:36    17818624    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-28 20:01 . 2013-05-05 21:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-28 20:01 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-28 19:56 . 2012-12-16 13:31    48128    ----a-w-    c:\windows\system32\atmlib.dll
2013-05-28 19:56 . 2012-12-16 13:12    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2013-05-28 19:56 . 2012-12-16 11:08    368128    ----a-w-    c:\windows\system32\atmfd.dll
2013-05-28 19:56 . 2012-12-16 10:50    293376    ----a-w-    c:\windows\SysWow64\atmfd.dll
2013-05-28 18:20 . 2012-09-25 16:31    91648    ----a-w-    c:\windows\system32\synceng.dll
2013-05-28 18:20 . 2012-09-25 16:19    75776    ----a-w-    c:\windows\SysWow64\synceng.dll
2013-05-28 18:20 . 2013-03-03 19:13    1513320    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-05-28 18:19 . 2012-11-20 04:21    253952    ----a-w-    c:\windows\system32\ncrypt.dll
2013-05-28 18:19 . 2012-11-20 04:22    204288    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-05-28 18:19 . 2012-09-28 16:34    1210368    ----a-w-    c:\windows\system32\kernel32.dll
2013-05-28 18:19 . 2013-01-04 11:31    1417576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-28 18:19 . 2013-01-04 02:23    40448    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-05-28 18:17 . 2012-11-02 10:45    477696    ----a-w-    c:\windows\system32\dpnet.dll
2013-05-28 18:17 . 2012-11-02 10:45    68096    ----a-w-    c:\windows\system32\dpnathlp.dll
2013-05-28 18:17 . 2012-11-02 10:18    376320    ----a-w-    c:\windows\SysWow64\dpnet.dll
2013-05-28 18:17 . 2012-11-02 08:59    26112    ----a-w-    c:\windows\system32\dpnsvr.exe
2013-05-28 18:17 . 2012-11-02 08:26    23040    ----a-w-    c:\windows\SysWow64\dpnsvr.exe
2013-05-28 18:17 . 2012-11-13 01:45    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-05-28 18:17 . 2012-11-13 01:29    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-05-10 07:57 . 2013-05-10 07:57    187456    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 16:25 . 2012-05-12 20:25    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-29 16:25 . 2011-07-06 20:30    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-28 19:52 . 2012-05-12 20:52    17613192    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-03 21:15 . 2006-11-02 12:35    75016696    ----a-w-    c:\windows\system32\mrt.exe
2013-05-02 15:29 . 2011-09-19 17:39    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-29 07:53 . 2013-03-29 07:53    246072    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-21 08:08 . 2013-03-21 08:08    240952    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 41984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a822fe3-0e68-11e1-ab6c-c0e260470266}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2903e4d-ddc0-11df-b4e8-001e33ab1c3e}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 16:25]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 04:21]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 04:21]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1299202380-3588868795-1121966660-1000Core.job
- c:\users\Nancy Marie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 22:51]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1299202380-3588868795-1121966660-1000UA.job
- c:\users\Nancy Marie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 22:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/calendar/render?tab=wc
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.3 8.26.56.26 8.20.247.20
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
FF - ProfilePath - c:\users\Nancy Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3x2rc9xb.default\
FF - prefs.js: browser.startup.homepage - hxxps://host.serverdomain.net:2096/?login_theme=cpanel
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-06-06  15:21:16
ComboFix-quarantined-files.txt  2013-06-06 20:21
.
Pre-Run: 210,543,423,488 bytes free
Post-Run: 210,495,467,520 bytes free
.
- - End Of File - - FF08AA50DA68B3DBA52A4F8ED27AFBE1
 

 

 

 Results of screen317's Security Check version 0.99.64  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Microsoft Security Essentials     
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 22  
 Java™ 6 Update 6  
 Java version out of Date!
 Adobe Flash Player     11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 12.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 AVG avgwdsvc.exe
 iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
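
The "Reg Loading Points" section of the ComboFix log above is where the browser-redirect and autorun questions usually get answered, so here is a small helper for reading it. It is an added example, not code from the thread or from ComboFix: it pulls out every Run/RunOnce value and every MountPoints2 AutoRun command, then lists the entries to resolve by hand, namely removable-media AutoRun commands, values that name their executable without a path (Windows locates those through the search path, so a same-named file earlier in that order would be the one that runs), and values ComboFix listed without a date/size and marked [BU]. The excerpt at the bottom is constructed in the same layout as the log above; the [BU] marker is reported as ComboFix printed it and not interpreted further.

```python
"""Read the 'Reg Loading Points' section of a ComboFix log and list the autorun
entries to resolve by hand.  Added example, not ComboFix's code; the excerpt at the
bottom is constructed in the same layout as the log above."""
import re

_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="command" [YYYY-MM-DD size]   or   "Name"="command" [BU]
_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\]| \[BU\])?$')
_AUTORUN = re.compile(r"^\\shell\\AutoRun\\command - (.+)$", re.I)
_RUN_KEY = re.compile(r"\\currentversion\\run(once)?$")

def parse_loading_points(text: str) -> list:
    """One dict per Run/RunOnce value and per MountPoints2 AutoRun command."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _KEY.match(line)):
            key = m[1]                        # every following value belongs to this key
            continue
        if key is None:
            continue
        lowered = key.lower()
        if "\\mountpoints2\\" in lowered and (m := _AUTORUN.match(line)):
            entries.append({"kind": "autorun", "key": key, "name": key.rsplit("\\", 1)[1],
                            "command": m[1], "date": None, "size": None, "bu": False})
        elif _RUN_KEY.search(lowered) and (m := _VALUE.match(line)):
            entries.append({"kind": "run", "key": key, "name": m[1], "command": m[2],
                            "date": m[3], "size": int(m[4]) if m[4] else None,
                            "bu": line.endswith("[BU]")})
    return entries

def review(entries: list) -> list:
    """(name, reason) pairs for the entries a reviewer should resolve by hand."""
    flagged = []
    for e in entries:
        cmd = e["command"]
        if e["kind"] == "autorun":
            flagged.append((e["name"], f"removable-media AutoRun command: {cmd}"))
        elif not re.match(r"^[a-z]:\\", cmd, re.I):
            # No path: Windows locates the file through the search path, so a
            # same-named file earlier in that order would be the one that runs.
            flagged.append((e["name"], f"bare file name, located via the search path: {cmd}"))
        elif e["bu"]:
            flagged.append((e["name"], f"no date/size recorded, marked [BU]: {cmd}"))
    return flagged

# Constructed excerpt in the ComboFix layout (keys and values modeled on the log above).
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a822fe3-0e68-11e1-ab6c-c0e260470266}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"""
```

Run `review(parse_loading_points(open("ComboFix.txt").read()))` against a saved log; a flagged entry is not a verdict, only a pointer to a value whose target file you should locate and check (signature, vendor, hash) before deciding anything.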
 



#6 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 June 2013 - 07:57 AM


The updates failed because there may still be some malware on the computer.
Or possibly some settings were changed by the ZeroAccess infection.
Let's continue.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail the signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
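
The steps above produce two artifacts, the TDSSKiller log and the raw MBR sector that aswMBR saves as MBR.dat, and both are easier to triage with a little tooling. The block below is an added example, not code from the thread, from TDSSKiller or from aswMBR. The first part collapses TDSSKiller's per-object log lines into one verdict per object so the "warning" and "detected" entries the steps say to Skip or Cure stand out from the hundreds of "- ok" lines. The second part parses a 512-byte MBR, lists its partition table and flags a missing boot signature, a partition that overlaps another or runs past the end of the disk, and bootstrap code whose SHA-256 differs from a known-good copy; that reference hash is something you supply from a clean image of the same machine, none is assumed here. The sample log lines and sample MBR are constructed for the example, with the partition geometry and disk size taken from the TDSSKiller output posted later in the thread; the bootstrap bytes and disk signature in the sample are placeholders.

```python
"""Triage helpers for the two artifacts requested in the steps above: the TDSSKiller
log and the raw MBR sector (MBR.dat) that aswMBR saves.  Added example; not code from
the thread, from TDSSKiller or from aswMBR.  All sample input below is constructed."""
import hashlib
import re
import struct

# ---- 1. TDSSKiller log: one verdict per scanned object ----------------------
# Each log line is "<time> <pid>  <body>"; bodies seen in the log format:
#   [ <MD5> ] <name> <path>          <name> - ok
#   <name> ( <verdict> ) - warning   <name> - detected <verdict> (<n>)
_ENTRY = re.compile(r"^\[ ([0-9A-F]{32}) \] (.*?)\s+([A-Za-z]:\\.*)$")
_WARN = re.compile(r"^(.*?) \( (.+?) \) - warning$")
_DETECT = re.compile(r"^(.*?) - detected (.+?) \(\d+\)$")
_OK = re.compile(r"^(.*?) - ok$")

def parse_tdsskiller(text: str) -> dict:
    """Map object name -> {'md5', 'path', 'status', 'verdict'}; later lines override."""
    objs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)          # drop the timestamp and pid columns
        if len(parts) < 3:
            continue
        body = parts[2]
        if (m := _ENTRY.match(body)):
            objs.setdefault(m[2], {}).update(md5=m[1], path=m[3])
        elif (m := _DETECT.match(body)):
            objs.setdefault(m[1], {}).update(status="detected", verdict=m[2])
        elif (m := _WARN.match(body)):
            objs.setdefault(m[1], {}).update(status="warning", verdict=m[2])
        elif (m := _OK.match(body)):
            objs.setdefault(m[1], {}).update(status="ok")
    return objs

def needs_review(objs: dict) -> list:
    """Names whose final status is not 'ok': the Skip/Cure decisions the steps describe."""
    return [name for name, o in objs.items() if o.get("status") != "ok"]

# ---- 2. MBR.dat: parse the 512-byte sector and sanity-check it --------------
SECTOR = 512
BOOTCODE_LEN = 440                  # bytes 0..439 hold the bootstrap code a bootkit replaces
_PART = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, start LBA, sector count

def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = _PART.unpack_from(sector, 446 + 16 * i)
        if ptype == 0 and lba == 0 and count == 0:
            continue                                  # empty table slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": lba, "blocks": count})
    return {"bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "signature_ok": sector[510:512] == b"\x55\xAA",
            "partitions": parts}

def check_mbr(mbr: dict, disk_sectors: int, known_good_bootcode_sha256: str = "") -> list:
    """Findings worth a look; an empty list means the table is internally consistent."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if sum(p["bootable"] for p in mbr["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    for p in mbr["partitions"]:
        if p["start_lba"] + p["blocks"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    by_start = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(by_start, by_start[1:]):
        if a["start_lba"] + a["blocks"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if known_good_bootcode_sha256 and mbr["bootcode_sha256"] != known_good_bootcode_sha256:
        findings.append("bootstrap code differs from the known-good copy")
    return findings

# Constructed sample MBR: one active NTFS partition using the StartLBA/BlocksNum and
# disk size from the TDSSKiller output; bootstrap bytes and disk signature are placeholders.
SAMPLE_DISK_SECTORS = 0x4A85D56000 // SECTOR

def build_sample_mbr() -> bytes:
    s = bytearray(SECTOR)
    s[:BOOTCODE_LEN] = b"\x90" * BOOTCODE_LEN          # placeholder bootstrap code
    struct.pack_into("<I", s, 440, 0x12345678)         # placeholder disk signature
    _PART.pack_into(s, 446, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 0x2EE800, 0x2411A800)
    s[510:512] = b"\x55\xAA"
    return bytes(s)

# Constructed log excerpt in the TDSSKiller line format (a warning, a detection, two ok lines).
SAMPLE_TDSS_LOG = """\
09:27:40.0472 4084  [ 5AC8A997E8D9C131B5F90B4F3CCFAE34 ] ConfigFree Gadget Service C:\\Program Files (x86)\\TOSHIBA\\ConfigFree\\CFProcSRVC.exe
09:27:40.0488 4084  ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
09:27:40.0488 4084  ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
09:27:40.0597 4084  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\\Windows\\system32\\drivers\\crcdisk.sys
09:27:40.0628 4084  crcdisk - ok
09:27:37.0571 4084  Beep - ok
"""
```

Use `needs_review(parse_tdsskiller(open(logfile).read()))` on the TDSSKiller log and `check_mbr(parse_mbr(open("MBR.dat", "rb").read()), sectors)` on the saved sector, with `sectors` taken from the drive size TDSSKiller prints. One caveat: a bootkit that hooks disk I/O can hand a clean copy of the sector to ordinary user-mode reads, which is why aswMBR and TDSSKiller read it at a lower level themselves; this parser is for looking at the MBR.dat those tools already saved, not a substitute for them.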

#7 Ralph {IA2}
  • Topic Starter
  • Members
  • 17 posts

Posted 07 June 2013 - 11:17 AM

Hello nasdaq,

Rebooted after TDSSKiller ran, and it initialized again on startup. I did not re-scan. Logs are included below and the mbr.dat file is attached. Thanks for your help so far.

 

09:26:51.0971 4124  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:26:52.0673 4124  ============================================================
09:26:52.0673 4124  Current date / time: 2013/06/07 09:26:52.0673
09:26:52.0673 4124  SystemInfo:
09:26:52.0673 4124  
09:26:52.0673 4124  OS Version: 6.0.6002 ServicePack: 2.0
09:26:52.0673 4124  Product type: Workstation
09:26:52.0673 4124  ComputerName: NANCYMARIE-PC
09:26:52.0689 4124  UserName: Nancy Marie
09:26:52.0689 4124  Windows directory: C:\Windows
09:26:52.0689 4124  System windows directory: C:\Windows
09:26:52.0689 4124  Running under WOW64
09:26:52.0689 4124  Processor architecture: Intel x64
09:26:52.0689 4124  Number of processors: 2
09:26:52.0689 4124  Page size: 0x1000
09:26:52.0689 4124  Boot type: Normal boot
09:26:52.0689 4124  ============================================================
09:26:57.0025 4124  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:26:57.0057 4124  ============================================================
09:26:57.0057 4124  \Device\Harddisk0\DR0:
09:26:57.0057 4124  MBR partitions:
09:26:57.0057 4124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2411A800
09:26:57.0057 4124  ============================================================
09:26:57.0072 4124  C: <-> \Device\Harddisk0\DR0\Partition1
09:26:57.0072 4124  ============================================================
09:26:57.0072 4124  Initialize success
09:26:57.0072 4124  ============================================================
09:27:32.0094 4084  ============================================================
09:27:32.0094 4084  Scan started
09:27:32.0094 4084  Mode: Manual; SigCheck; TDLFS;
09:27:32.0094 4084  ============================================================
09:27:32.0547 4084  ================ Scan system memory ========================
09:27:32.0547 4084  System memory - ok
09:27:32.0547 4084  ================ Scan services =============================
09:27:32.0905 4084  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:27:33.0046 4084  ACPI - ok
09:27:33.0171 4084  [ C004F38974F4D321B4C20A240E1175C0 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
09:27:33.0186 4084  AdobeActiveFileMonitor9.0 - ok
09:27:33.0295 4084  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:27:33.0311 4084  AdobeARMservice - ok
09:27:33.0467 4084  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:27:33.0483 4084  AdobeFlashPlayerUpdateSvc - ok
09:27:33.0607 4084  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:27:33.0685 4084  adp94xx - ok
09:27:33.0701 4084  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:27:33.0732 4084  adpahci - ok
09:27:33.0748 4084  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:27:33.0779 4084  adpu160m - ok
09:27:33.0779 4084  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:27:33.0810 4084  adpu320 - ok
09:27:33.0857 4084  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:27:33.0919 4084  AeLookupSvc - ok
09:27:33.0982 4084  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
09:27:34.0060 4084  AFD - ok
09:27:34.0122 4084  [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
09:27:34.0169 4084  AgereModemAudio - ok
09:27:34.0216 4084  [ 3627A62B10284FFBF862BFD49928EDF4 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
09:27:34.0278 4084  AgereSoftModem - ok
09:27:34.0341 4084  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:27:34.0372 4084  agp440 - ok
09:27:34.0419 4084  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
09:27:34.0450 4084  aic78xx - ok
09:27:34.0481 4084  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
09:27:34.0543 4084  ALG - ok
09:27:34.0575 4084  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:27:34.0606 4084  aliide - ok
09:27:34.0621 4084  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
09:27:34.0637 4084  amdide - ok
09:27:34.0684 4084  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:27:34.0746 4084  AmdK8 - ok
09:27:34.0809 4084  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
09:27:34.0855 4084  Appinfo - ok
09:27:34.0965 4084  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:27:34.0980 4084  Apple Mobile Device - ok
09:27:35.0121 4084  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
09:27:35.0152 4084  arc - ok
09:27:35.0199 4084  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:27:35.0230 4084  arcsas - ok
09:27:35.0261 4084  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:27:35.0339 4084  AsyncMac - ok
09:27:35.0386 4084  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:27:35.0417 4084  atapi - ok
09:27:35.0495 4084  [ 45511C7E870D3ADDDD60049232EA96B3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
09:27:35.0667 4084  athr - ok
09:27:35.0729 4084  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:27:35.0823 4084  AudioEndpointBuilder - ok
09:27:35.0916 4084  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:27:35.0979 4084  AudioSrv - ok
09:27:36.0181 4084  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
09:27:36.0494 4084  AVGIDSAgent - ok
09:27:36.0572 4084  [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
09:27:37.0040 4084  AVGIDSDriver - ok
09:27:37.0072 4084  [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
09:27:37.0103 4084  AVGIDSHA - ok
09:27:37.0165 4084  [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
09:27:37.0196 4084  Avgldx64 - ok
09:27:37.0259 4084  [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
09:27:37.0290 4084  Avgloga - ok
09:27:37.0321 4084  [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
09:27:37.0352 4084  Avgmfx64 - ok
09:27:37.0384 4084  [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
09:27:37.0399 4084  Avgrkx64 - ok
09:27:37.0446 4084  [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
09:27:37.0462 4084  Avgtdia - ok
09:27:37.0524 4084  [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
09:27:37.0540 4084  avgwd - ok
09:27:37.0571 4084  Beep - ok
09:27:37.0633 4084  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
09:27:37.0680 4084  BFE - ok
09:27:37.0758 4084  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\system32\qmgr.dll
09:27:37.0836 4084  BITS - ok
09:27:37.0898 4084  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:27:37.0961 4084  blbdrive - ok
09:27:38.0148 4084  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:27:38.0226 4084  Bonjour Service - ok
09:27:38.0257 4084  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:27:38.0351 4084  bowser - ok
09:27:38.0413 4084  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:27:38.0476 4084  BrFiltLo - ok
09:27:38.0491 4084  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:27:38.0554 4084  BrFiltUp - ok
09:27:38.0600 4084  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
09:27:38.0678 4084  Browser - ok
09:27:38.0694 4084  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
09:27:38.0866 4084  Brserid - ok
09:27:38.0881 4084  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:27:38.0944 4084  BrSerWdm - ok
09:27:38.0959 4084  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:27:39.0022 4084  BrUsbMdm - ok
09:27:39.0037 4084  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
09:27:39.0100 4084  BrUsbSer - ok
09:27:39.0115 4084  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:27:39.0178 4084  BTHMODEM - ok
09:27:39.0349 4084  catchme - ok
09:27:39.0380 4084  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:27:39.0427 4084  cdfs - ok
09:27:39.0474 4084  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:27:39.0521 4084  cdrom - ok
09:27:39.0583 4084  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:27:39.0614 4084  CertPropSvc - ok
09:27:39.0646 4084  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:27:39.0692 4084  circlass - ok
09:27:39.0739 4084  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
09:27:39.0802 4084  CLFS - ok
09:27:39.0942 4084  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:27:39.0958 4084  clr_optimization_v2.0.50727_32 - ok
09:27:40.0051 4084  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:27:40.0082 4084  clr_optimization_v2.0.50727_64 - ok
09:27:40.0176 4084  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:27:40.0207 4084  clr_optimization_v4.0.30319_32 - ok
09:27:40.0223 4084  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:27:40.0254 4084  clr_optimization_v4.0.30319_64 - ok
09:27:40.0285 4084  [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:27:40.0348 4084  CmBatt - ok
09:27:40.0363 4084  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:27:40.0379 4084  cmdide - ok
09:27:40.0410 4084  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:27:40.0426 4084  Compbatt - ok
09:27:40.0441 4084  COMSysApp - ok
09:27:40.0472 4084  [ 5AC8A997E8D9C131B5F90B4F3CCFAE34 ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
09:27:40.0488 4084  ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
09:27:40.0488 4084  ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
09:27:40.0566 4084  [ D10D01B2DFCD8D2F32A32ED29E8DA1C2 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
09:27:40.0582 4084  ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
09:27:40.0582 4084  ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
09:27:40.0597 4084  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:27:40.0628 4084  crcdisk - ok
09:27:40.0675 4084  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:27:40.0691 4084  CryptSvc - ok
09:27:40.0753 4084  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:27:40.0800 4084  DcomLaunch - ok
09:27:40.0831 4084  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:27:40.0862 4084  DfsC - ok
09:27:41.0003 4084  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
09:27:41.0206 4084  DFSR - ok
09:27:41.0284 4084  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:27:41.0315 4084  Dhcp - ok
09:27:41.0346 4084  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
09:27:41.0377 4084  disk - ok
09:27:41.0393 4084  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:27:41.0424 4084  Dnscache - ok
09:27:41.0471 4084  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:27:41.0502 4084  dot3svc - ok
09:27:41.0564 4084  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
09:27:41.0611 4084  DPS - ok
09:27:41.0674 4084  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:27:41.0705 4084  drmkaud - ok
09:27:41.0767 4084  [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:27:41.0845 4084  DXGKrnl - ok
09:27:41.0845 4084  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
09:27:41.0908 4084  E1G60 - ok
09:27:41.0954 4084  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
09:27:41.0986 4084  EapHost - ok
09:27:42.0032 4084  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:27:42.0064 4084  Ecache - ok
09:27:42.0313 4084  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:27:42.0360 4084  ehRecvr - ok
09:27:42.0376 4084  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
09:27:42.0407 4084  ehSched - ok
09:27:42.0438 4084  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
09:27:42.0469 4084  ehstart - ok
09:27:42.0500 4084  [ 627350A11295D82BF78D155B12FFD0EF ] ElRawDisk       C:\Windows\system32\drivers\ElRawDsk.sys
09:27:42.0516 4084  ElRawDisk - ok
09:27:42.0563 4084  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:27:42.0594 4084  elxstor - ok
09:27:42.0703 4084  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
09:27:42.0766 4084  EMDMgmt - ok
09:27:42.0781 4084  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:27:42.0828 4084  ErrDev - ok
09:28:04.0673 4084  TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
09:28:04.0673 4084  TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
09:28:04.0735 4084  [ DD50A5DF5F7B29FDB6B5FEA728C43DC3 ] tos_sps64       C:\Windows\system32\DRIVERS\tos_sps64.sys
09:28:04.0767 4084  tos_sps64 - ok
09:28:04.0813 4084  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
09:28:04.0845 4084  TrkWks - ok
09:28:04.0891 4084  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:28:04.0923 4084  TrustedInstaller - ok
09:28:04.0954 4084  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:28:05.0001 4084  tssecsrv - ok
09:28:05.0016 4084  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
09:28:05.0032 4084  tunmp - ok
09:28:05.0079 4084  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:28:05.0094 4084  tunnel - ok
09:28:05.0125 4084  [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
09:28:05.0141 4084  TVALZ - ok
09:28:05.0172 4084  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:28:05.0188 4084  uagp35 - ok
09:28:05.0219 4084  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:28:05.0266 4084  udfs - ok
09:28:05.0297 4084  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:28:05.0328 4084  UI0Detect - ok
09:28:05.0406 4084  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
09:28:05.0531 4084  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
09:28:05.0531 4084  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
09:28:05.0562 4084  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:28:05.0593 4084  uliagpkx - ok
09:28:05.0594 4084  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
09:28:05.0626 4084  uliahci - ok
09:28:05.0641 4084  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
09:28:05.0657 4084  UlSata - ok
09:28:05.0672 4084  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
09:28:05.0704 4084  ulsata2 - ok
09:28:05.0719 4084  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:28:05.0766 4084  umbus - ok
09:28:05.0797 4084  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
09:28:05.0828 4084  upnphost - ok
09:28:05.0891 4084  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
09:28:05.0906 4084  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
09:28:05.0906 4084  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
09:28:05.0953 4084  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:28:05.0984 4084  usbccgp - ok
09:28:06.0000 4084  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:28:06.0078 4084  usbcir - ok
09:28:06.0109 4084  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:28:06.0140 4084  usbehci - ok
09:28:06.0172 4084  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:28:06.0234 4084  usbhub - ok
09:28:06.0250 4084  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:28:06.0312 4084  usbohci - ok
09:28:06.0343 4084  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:28:06.0374 4084  usbprint - ok
09:28:06.0390 4084  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:28:06.0421 4084  usbscan - ok
09:28:06.0468 4084  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:28:06.0499 4084  USBSTOR - ok
09:28:06.0515 4084  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:28:06.0546 4084  usbuhci - ok
09:28:06.0577 4084  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
09:28:06.0640 4084  usbvideo - ok
09:28:06.0686 4084  [ 060B7863943625E0193A3575C0C59E52 ] UVCFTR          C:\Windows\system32\Drivers\UVCFTR_S.SYS
09:28:06.0702 4084  UVCFTR - ok
09:28:06.0718 4084  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
09:28:06.0764 4084  UxSms - ok
09:28:06.0811 4084  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
09:28:06.0858 4084  vds - ok
09:28:06.0905 4084  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:28:06.0936 4084  vga - ok
09:28:06.0983 4084  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:28:07.0030 4084  VgaSave - ok
09:28:07.0045 4084  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
09:28:07.0061 4084  viaide - ok
09:28:07.0108 4084  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:28:07.0123 4084  volmgr - ok
09:28:07.0170 4084  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:28:07.0201 4084  volmgrx - ok
09:28:07.0248 4084  [ 582F710097B46140F5A89A19A6573D4B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:28:07.0264 4084  volsnap - ok
09:28:07.0326 4084  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:28:07.0357 4084  vsmraid - ok
09:28:07.0420 4084  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
09:28:07.0576 4084  VSS - ok
09:28:07.0607 4084  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
09:28:07.0685 4084  W32Time - ok
09:28:07.0716 4084  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:28:07.0794 4084  WacomPen - ok
09:28:07.0841 4084  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
09:28:07.0872 4084  Wanarp - ok
09:28:07.0888 4084  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:28:07.0919 4084  Wanarpv6 - ok
09:28:07.0950 4084  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:28:07.0997 4084  wcncsvc - ok
09:28:08.0044 4084  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:28:08.0075 4084  WcsPlugInService - ok
09:28:08.0153 4084  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
09:28:08.0168 4084  Wd - ok
09:28:08.0278 4084  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:28:08.0309 4084  Wdf01000 - ok
09:28:08.0324 4084  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:28:08.0371 4084  WdiServiceHost - ok
09:28:08.0387 4084  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:28:08.0449 4084  WdiSystemHost - ok
09:28:08.0480 4084  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
09:28:08.0496 4084  WebClient - ok
09:28:08.0527 4084  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:28:08.0558 4084  Wecsvc - ok
09:28:08.0574 4084  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:28:08.0621 4084  wercplsupport - ok
09:28:08.0636 4084  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
09:28:08.0683 4084  WerSvc - ok
09:28:08.0699 4084  WinDefend - ok
09:28:08.0714 4084  WinHttpAutoProxySvc - ok
09:28:08.0761 4084  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:28:08.0792 4084  Winmgmt - ok
09:28:08.0886 4084  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:28:08.0964 4084  WinRM - ok
09:28:09.0120 4084  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:28:09.0167 4084  Wlansvc - ok
09:28:09.0214 4084  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:28:09.0245 4084  WmiAcpi - ok
09:28:09.0292 4084  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:28:09.0338 4084  wmiApSrv - ok
09:28:09.0370 4084  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:28:09.0416 4084  WPCSvc - ok
09:28:09.0448 4084  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:28:09.0494 4084  WPDBusEnum - ok
09:28:09.0541 4084  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
09:28:09.0572 4084  WpdUsb - ok
09:28:09.0697 4084  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:28:09.0744 4084  WPFFontCache_v0400 - ok
09:28:09.0791 4084  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:28:09.0838 4084  ws2ifsl - ok
09:28:09.0869 4084  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\system32\wscsvc.dll
09:28:09.0900 4084  wscsvc - ok
09:28:09.0916 4084  [ DE5F5212AB34221DD1618B5FEFE8DB6C ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
09:28:09.0978 4084  WSDPrintDevice - ok
09:28:09.0994 4084  WSearch - ok
09:28:10.0103 4084  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:28:10.0243 4084  wuauserv - ok
09:28:10.0306 4084  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:28:10.0352 4084  WudfPf - ok
09:28:10.0384 4084  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:28:10.0415 4084  WUDFRd - ok
09:28:10.0446 4084  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:28:10.0477 4084  wudfsvc - ok
09:28:10.0571 4084  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:28:10.0602 4084  YahooAUService - ok
09:28:10.0680 4084  ================ Scan global ===============================
09:28:10.0711 4084  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
09:28:10.0805 4084  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
09:28:10.0820 4084  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
09:28:10.0867 4084  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
09:28:10.0867 4084  [Global] - ok
09:28:10.0867 4084  ================ Scan MBR ==================================
09:28:10.0883 4084  [ 6F9A1D528242BC09104B85E0BECF5554 ] \Device\Harddisk0\DR0
09:28:10.0883 4084  Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:28:10.0945 4084  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
09:28:10.0945 4084  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
09:28:11.0023 4084  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:28:11.0023 4084  \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:28:11.0023 4084  ================ Scan VBR ==================================
09:28:11.0070 4084  [ 03334768A78BB2FCE88758940DEC9841 ] \Device\Harddisk0\DR0\Partition1
09:28:11.0070 4084  \Device\Harddisk0\DR0\Partition1 - ok
09:28:11.0070 4084  ============================================================
09:28:11.0070 4084  Scan finished
09:28:11.0070 4084  ============================================================
09:28:11.0086 5032  Detected object count: 11
09:28:11.0086 5032  Actual detected object count: 11
09:30:18.0040 5032  ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0040 5032  ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0040 5032  ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0040 5032  ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0040 5032  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0040 5032  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0056 5032  jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0056 5032  jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0056 5032  SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0056 5032  SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0056 5032  TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0056 5032  TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0072 5032  TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0072 5032  TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0072 5032  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0072 5032  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:18.0072 5032  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:18.0072 5032  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:30:19.0413 5032  \Device\Harddisk0\DR0\# - copied to quarantine
09:30:19.0476 5032  \Device\Harddisk0\DR0 - copied to quarantine
09:30:19.0554 5032  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:30:19.0569 5032  \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
09:30:19.0569 5032  \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
09:30:19.0569 5032  \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
09:30:19.0585 5032  \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
09:30:19.0756 5032  \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
09:30:19.0819 5032  \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
09:30:19.0834 5032  \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
09:30:19.0866 5032  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:30:19.0912 5032  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:30:19.0975 5032  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:30:20.0037 5032  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:30:20.0068 5032  \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
09:30:20.0068 5032  \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
09:30:20.0146 5032  \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
09:30:20.0271 5032  \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
09:30:20.0490 5032  \Device\Harddisk0\DR0\TDLFS\serf232 - copied to quarantine
09:30:20.0708 5032  \Device\Harddisk0\DR0\TDLFS\serf264 - copied to quarantine
09:30:20.0926 5032  \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
09:30:21.0036 5032  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
09:30:21.0051 5032  \Device\Harddisk0\DR0 - ok
09:30:21.0067 5032  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
09:30:21.0067 5032  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:30:21.0067 5032  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:30:39.0085 4356  Deinitialize success

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-07 09:39:32
-----------------------------
09:39:32.379    OS Version: Windows x64 6.0.6002 Service Pack 2
09:39:32.379    Number of processors: 2 586 0xF0D
09:39:32.379    ComputerName: NANCYMARIE-PC  UserName: Nancy Marie
09:39:33.830    Initialize success
09:40:58.422    AVAST engine defs: 13060700
09:41:19.904    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:41:19.904    Disk 0 Vendor: ST932032 SD56 Size: 305245MB BusType: 3
09:41:20.106    Disk 0 MBR read successfully
09:41:20.106    Disk 0 MBR scan
09:41:20.169    Disk 0 Windows VISTA default MBR code
09:41:20.200    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
09:41:20.247    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       295477 MB offset 3074048
09:41:20.309    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8267 MB offset 608210944
09:41:20.637    Disk 0 scanning C:\Windows\system32\drivers
09:41:37.734    Service scanning
09:42:18.497    Modules scanning
09:42:18.497    Disk 0 trace - called modules:
09:42:18.762    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:42:19.277    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cbb060]
09:42:19.277    3 CLASSPNP.SYS[fffffa6000fc5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c18050]
09:42:20.666    AVAST engine scan C:\Windows
09:42:34.862    AVAST engine scan C:\Windows\system32
09:50:14.041    AVAST engine scan C:\Windows\system32\drivers
09:50:35.569    AVAST engine scan C:\Users\Nancy Marie
10:06:22.103    AVAST engine scan C:\ProgramData
10:14:33.614    Scan finished successfully
10:21:26.697    Disk 0 MBR has been saved successfully to "C:\Users\Nancy Marie\Desktop\Andrew\MBR.dat"
10:21:26.712    The log file has been saved successfully to "C:\Users\Nancy Marie\Desktop\Andrew\aswMBR.txt"

Attached File: MBR.zip (567 bytes)



#8 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 June 2013 - 12:46 PM

Can you now complete the Microsoft Updates?

#9 Ralph {IA2}
  • Topic Starter
  • Members
  • 17 posts

Posted 07 June 2013 - 01:22 PM

Yes, the Microsoft Updates successfully installed. Toshiba Service Station is still not working, but I don't know how important that is.



#10 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 June 2013 - 07:27 AM

"Toshiba Service Station is still not working, but I don't know how important that is."
It's not that important. This topic may help you:
http://forums.toshiba.com/t5/Drivers-and-Utilities/Toshiba-Service-Station/td-p/79565


I did find this visual player that you may listen to.
Select Toshiba Service Station on the left pane.
http://web1.toshiba.ca/support/howto/en/videos/ServiceStation/player.html

===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#11 Ralph {IA2}
  • Topic Starter
  • Members
  • 17 posts

Posted 09 June 2013 - 01:15 PM

OK, I've cleaned everything up. Thanks again for all of your help, I really appreciate it.

Cheers,

Ralph



#12 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 June 2013 - 06:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.