Jump to content

BigRob

Honorary Members
  • Posts

    21
  • Joined

  • Last visited

Everything posted by BigRob

  1. Many thanks for your help Maniac. I've ordered the discs from Toshiba as the best option. Can anything else be run alongside Microsoft security essentials? or would it be better to run standalone firewall/anti-spyware etc? PS. Donation sent in way of a thanks.
  2. A format it is then. Are all file types considered possible causes of re-infection? Is it still safe to use the recovery partition on the infected drive? or should I just format the whole drive and buy the discs from Toshiba?
  3. Would you think a format is the way forward? My main aim was to recover files/photos if a format is needed. Would this be wise or would you say they are not to be trusted? Would you trust a recovery from the backup partition on this hard drive? Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013 Ran by SYSTEM on 08-06-2013 20:58:24 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-02-06] () HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation) HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-02-16] (Toshiba Europe GmbH) HKLM\...\Run: [snp2std] C:\windows\vsnp2std.exe [344064 2007-09-28] (Sonix) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] () HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-04-03] (RealNetworks, Inc.) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\ROB ADMIN 2\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\ROB ADMIN 2\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-16] (Google Inc.) HKU\ROB ADMIN 2\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [1266712 2013-06-07] (AVG Secure Search) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\ROB ADMIN 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Services (Whitelisted) ================= S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] () ==================== Drivers (Whitelisted) ==================== S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] () S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-07 12:51 - 2013-06-07 12:51 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-06-06 14:37 - 2013-06-06 14:53 - 00000000 ____D C:\Users\ROB ADMIN 2\Desktop\tdss 2013-06-06 11:37 - 2013-06-06 11:39 - 00001157 ____A C:\Users\Rob\OLD Desktop.lnk 2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\ROB ADMIN 2\Documents\Ulead VideoStudio SE 2013-06-05 15:37 - 2013-06-05 15:38 - 00001705 ____A C:\Users\ROB ADMIN 2\Desktop\Rob.lnk 2013-06-05 15:13 - 2013-06-05 15:13 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\TOSHIBA Online Product Information 2013-06-05 15:09 - 2013-06-06 14:36 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Google 2013-06-05 15:09 - 2013-06-05 15:09 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\Google 2013-06-05 15:08 - 2013-06-05 15:08 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\RealNetworks 2013-06-05 15:07 - 2013-06-06 10:47 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Ulead Systems 2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Toshiba 2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\SRS Labs 2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ArcSoft 2013-06-05 15:06 - 2013-06-05 15:13 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\TOSHIBA 2013-06-05 15:06 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ArcSoft 2013-06-05 15:06 - 2013-06-05 15:06 - 00070168 ____A C:\Users\ROB ADMIN 2\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Real 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Epson 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ATI 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Adobe 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\AVG Secure Search 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ATI 2013-06-05 15:05 - 2013-06-05 15:06 - 00000000 ____D C:\users\ROB ADMIN 2 2013-06-05 15:05 - 2013-06-05 15:05 - 00000020 ___SH C:\Users\ROB ADMIN 2\ntuser.ini 2013-06-05 15:05 - 2013-06-05 15:05 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\VirtualStore 2013-06-05 15:05 - 2012-10-12 08:52 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\TuneUp Software 2013-06-05 15:05 - 2012-05-29 09:43 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Macromedia 2013-06-05 14:37 - 2013-06-05 15:01 - 00000000 ___RD C:\Users\Rob\Desktop\downloads-2 2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-06-05 11:31 - 2013-06-05 11:35 - 00001945 ____A C:\Windows\epplauncher.mif 2013-05-27 15:36 - 2013-05-27 15:36 - 00000000 ____D C:\Users\Rob\Desktop\Old Firefox Data 2013-05-27 15:17 - 2013-05-27 15:17 - 00168358 ____A C:\Users\Rob\Documents\bookmark.htm 2013-05-26 17:18 - 2013-05-26 17:20 - 138768078 ____A C:\Users\Rob\Desktop\avp-report.txt 2013-05-26 17:14 - 2013-05-26 17:14 - 00000727 ____A C:\Users\Rob\Desktop\avp.txt 2013-05-26 14:02 - 2013-05-26 14:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-05-26 14:00 - 2013-05-26 13:59 - 168118704 ____A C:\Users\Rob\Desktop\setup_11.0.0.1245.x01_2013_05_26_23_45.exe 2013-05-26 09:43 - 2013-05-26 09:43 - 00025492 ____A C:\Users\Rob\Desktop\combofix2.txt 2013-05-26 09:39 - 2013-05-26 09:39 - 00025492 ____A C:\ComboFix.txt 2013-05-24 14:16 - 2013-05-24 14:15 - 02347384 ____A (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe 2013-05-24 11:41 - 2013-05-26 09:39 - 00000000 ____D C:\Qoobox 2013-05-24 11:41 - 2013-05-24 11:50 - 00000000 ____D C:\Windows\erdnt 2013-05-24 11:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2013-05-24 11:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2013-05-24 11:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-05-24 11:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-05-24 11:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-05-24 11:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2013-05-24 11:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2013-05-24 11:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2013-05-24 11:35 - 2013-05-24 11:34 - 05070409 ___RA (Swearware) C:\Users\Rob\Desktop\ComboFix.exe 2013-05-23 12:23 - 2013-05-19 04:13 - 00021347 ____A C:\Users\Rob\Desktop\FRST.txt 2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST 2013-05-19 08:13 - 2013-05-19 08:13 - 00124832 ____A C:\Users\Rob\Desktop\bookmark.txt 2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt 2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt 2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt 2013-05-18 04:06 - 2013-05-18 04:05 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt 2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____A (Swearware) C:\Users\Rob\Desktop\dds.com 2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm 2013-05-16 12:32 - 2013-05-16 12:33 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe 2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI 2013-05-16 08:44 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-16 08:44 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-16 08:44 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-16 08:44 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-16 08:44 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 08:44 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-16 08:44 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-16 08:44 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-16 08:44 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-16 08:44 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 09:30 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-15 09:30 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-15 09:30 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-15 09:30 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-15 09:30 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-15 09:30 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-15 09:30 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-15 09:30 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-15 09:30 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-15 09:30 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 09:30 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-15 09:30 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 09:30 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-14 15:00 - 2013-05-14 15:40 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt ==================== One Month Modified Files and Folders ======= 2013-06-08 11:51 - 2012-04-12 16:40 - 01923439 ____A C:\Windows\WindowsUpdate.log 2013-06-08 11:48 - 2012-02-16 18:24 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-08 11:48 - 2012-02-16 18:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-08 11:48 - 2012-02-16 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-07 12:51 - 2013-06-07 12:51 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-06-07 12:51 - 2012-10-05 09:28 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-06-07 11:13 - 2013-04-11 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-07 10:03 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-07 10:03 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-06 14:53 - 2013-06-06 14:37 - 00000000 ____D C:\Users\ROB ADMIN 2\Desktop\tdss 2013-06-06 14:36 - 2013-06-05 15:09 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Google 2013-06-06 11:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-06 11:49 - 2009-07-13 20:51 - 00058366 ____A C:\Windows\setupact.log 2013-06-06 11:42 - 2012-05-29 09:29 - 00000000 ____D C:\users\Rob 2013-06-06 11:39 - 2013-06-06 11:37 - 00001157 ____A C:\Users\Rob\OLD Desktop.lnk 2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\ROB ADMIN 2\Documents\Ulead VideoStudio SE 2013-06-06 10:47 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Ulead Systems 2013-06-05 15:38 - 2013-06-05 15:37 - 00001705 ____A C:\Users\ROB ADMIN 2\Desktop\Rob.lnk 2013-06-05 15:13 - 2013-06-05 15:13 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\TOSHIBA Online Product Information 2013-06-05 15:13 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\TOSHIBA 2013-06-05 15:09 - 2013-06-05 15:09 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\Google 2013-06-05 15:08 - 2013-06-05 15:08 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\RealNetworks 2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Toshiba 2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\SRS Labs 2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ArcSoft 2013-06-05 15:07 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ArcSoft 2013-06-05 15:06 - 2013-06-05 15:06 - 00070168 ____A C:\Users\ROB ADMIN 2\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Real 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Epson 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ATI 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Adobe 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\AVG Secure Search 2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ATI 2013-06-05 15:06 - 2013-06-05 15:05 - 00000000 ____D C:\users\ROB ADMIN 2 2013-06-05 15:05 - 2013-06-05 15:05 - 00000020 ___SH C:\Users\ROB ADMIN 2\ntuser.ini 2013-06-05 15:05 - 2013-06-05 15:05 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\VirtualStore 2013-06-05 15:01 - 2013-06-05 14:37 - 00000000 ___RD C:\Users\Rob\Desktop\downloads-2 2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-06-05 11:35 - 2013-06-05 11:31 - 00001945 ____A C:\Windows\epplauncher.mif 2013-06-05 11:32 - 2010-11-20 19:47 - 00036242 ____A C:\Windows\PFRO.log 2013-06-05 11:28 - 2012-10-05 09:27 - 00000000 ____D C:\ProgramData\AVG2013 2013-06-05 11:28 - 2012-10-05 09:22 - 00000000 ____D C:\Users\Rob\Local Settings\Application Data\Avg2013 2013-06-05 11:28 - 2012-10-05 09:22 - 00000000 ____D C:\Users\Rob\AppData\Local\Avg2013 2013-06-05 11:28 - 2012-06-05 10:54 - 00000000 ____D C:\ProgramData\MFAData 2013-05-27 15:36 - 2013-05-27 15:36 - 00000000 ____D C:\Users\Rob\Desktop\Old Firefox Data 2013-05-27 15:17 - 2013-05-27 15:17 - 00168358 ____A C:\Users\Rob\Documents\bookmark.htm 2013-05-26 17:20 - 2013-05-26 17:18 - 138768078 ____A C:\Users\Rob\Desktop\avp-report.txt 2013-05-26 17:14 - 2013-05-26 17:14 - 00000727 ____A C:\Users\Rob\Desktop\avp.txt 2013-05-26 14:02 - 2013-05-26 14:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-05-26 13:59 - 2013-05-26 14:00 - 168118704 ____A C:\Users\Rob\Desktop\setup_11.0.0.1245.x01_2013_05_26_23_45.exe 2013-05-26 09:43 - 2013-05-26 09:43 - 00025492 ____A C:\Users\Rob\Desktop\combofix2.txt 2013-05-26 09:39 - 2013-05-26 09:39 - 00025492 ____A C:\ComboFix.txt 2013-05-26 09:39 - 2013-05-24 11:41 - 00000000 ____D C:\Qoobox 2013-05-26 09:38 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2013-05-25 05:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-05-24 14:15 - 2013-05-24 14:16 - 02347384 ____A (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe 2013-05-24 11:51 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default 2013-05-24 11:50 - 2013-05-24 11:41 - 00000000 ____D C:\Windows\erdnt 2013-05-24 11:34 - 2013-05-24 11:35 - 05070409 ___RA (Swearware) C:\Users\Rob\Desktop\ComboFix.exe 2013-05-24 10:44 - 2012-06-10 14:06 - 00000000 ____D C:\Users\Rob\AppData\Roaming\SoftGrid Client 2013-05-23 12:19 - 2012-08-30 10:09 - 00004914 ____A C:\Users\Rob\Desktop\T-Mobile.txt 2013-05-19 14:28 - 2012-05-29 09:44 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Toshiba 2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST 2013-05-19 12:52 - 2012-06-07 14:07 - 00501816 ____A C:\Users\Rob\AppData\Roaming\mv.db 2013-05-19 08:44 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-05-19 08:13 - 2013-05-19 08:13 - 00124832 ____A C:\Users\Rob\Desktop\bookmark.txt 2013-05-19 04:13 - 2013-05-23 12:23 - 00021347 ____A C:\Users\Rob\Desktop\FRST.txt 2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt 2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt 2013-05-19 02:36 - 2009-07-13 21:13 - 00779998 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt 2013-05-18 04:05 - 2013-05-18 04:06 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt 2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____A (Swearware) C:\Users\Rob\Desktop\dds.com 2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm 2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\Local Settings\Application Data\Google 2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\AppData\Local\Google 2013-05-17 11:35 - 2012-10-09 15:28 - 00017273 ____A C:\Windows\System32\avgrep.txt 2013-05-16 12:33 - 2013-05-16 12:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe 2013-05-16 09:17 - 2009-07-13 20:45 - 00292088 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI 2013-05-16 08:55 - 2012-06-01 22:13 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-15 15:11 - 2012-06-07 13:50 - 00000000 ____D C:\photos 2013-05-15 13:51 - 2012-06-10 07:50 - 02359320 ____A C:\snp2sxp-001.raw 2013-05-15 12:30 - 2013-04-13 02:01 - 00000000 ____D C:\Users\Rob\Desktop\550 HEXACOPTER 2013-05-15 12:24 - 2013-02-02 03:27 - 00000000 ____D C:\Program Files (x86)\APM Planner 2013-05-15 09:13 - 2012-02-16 18:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 09:13 - 2012-02-16 18:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-14 15:40 - 2013-05-14 15:00 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt 2013-05-14 14:55 - 2012-06-07 13:49 - 00002063 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-05-13 15:32 - 2012-09-20 13:34 - 00000000 ____D C:\Users\Rob\AppData\Roaming\vlc ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-16 08:43:01 Restore point made on: 2013-05-24 11:41:57 Restore point made on: 2013-05-26 09:30:22 Restore point made on: 2013-06-05 11:24:31 Restore point made on: 2013-06-05 11:27:09 Restore point made on: 2013-06-05 11:28:25 Restore point made on: 2013-06-05 11:50:33 ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8151.8 MB Available physical RAM: 7334.83 MB Total Pagefile: 8150 MB Available Pagefile: 7324.25 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (TI30875400A) (Fixed) (Total:914.18 GB) (Free:807.3 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:1.86 GB) (Free:1.68 GB) FAT (Disk=2 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 84621240) Partition 1: (Active) - (Size=1 GB) - (Type=27) Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16 GB) - (Type=17) ======================================================== Disk: 2 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-06-07 10:48 ==================== End Of Log ============================
  4. Hi Maniac, I'm back from holiday, thanks for waiting. I am finding the system unusable under my user name, I am unable to...make changes to the desktop (right click-new-shows empty) etc, am locked out of several folders, am unable to make some changes to windows, IE won't respond. It seems I'm severely restricted. I have made another user (Rob-2) with full permissions, IE works, have linked to my old desktop which I can access without problems thus far, have installed Microsoft security essentials as per your approved list. However, I have found suspicious entries under 'scheduled tasks' as Real player updaters which mention ' S-1-5-21-1064342506-1899143691-2716940641-1001 ', this string was quoted by AVG when it found the Trojan !! Can the original user be returned to a usable state? If not, could the replacement user (Rob-2) be made to replace my original user, with access to it's desktop/files/progs etc? Cheers Rob
  5. IE and Firefox reset, IE still not working, Speedtest.net in Firefox returning normal net speed of >6Mbps. Restarted PC, message that Kaspersky c:\windows\temp\rarsfxo\5690975.exe is requesting your permission to run (looks like an uninstall routine at the dos prompt). Seems I'm locked out of several folders, unable to modify desktop (new folder etc.), start menu contains no recently used programs etc. Please could you recommend AV and malware to install next time I connect to the network?
  6. Tried to run an AVG whole computer scan, despite reporting as up-to-date, the scan took 1 second and reported clean! Internet Explorer opens but neither saved links nor directly entered sites work. Had to use Firefox to measure internet speed ( <3Mbps when normally >6Mbps), net connection shut down by me straight after test was completed. Do you think I'm now clean?
  7. It found lots of password protected files too. Status: Deleted (events: 4) 26/05/2013 23:55:53 Deleted Trojan program Trojan.Win32.Genome.ailnk C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\U\80000000.@ High 26/05/2013 23:55:58 Deleted Trojan program Backdoor.Win32.ZAccess.cfor C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\U\80000032.@ High 26/05/2013 23:55:57 Deleted Trojan program Trojan-Downloader.WMA.Wimad.o C:\OLD LAPTOP FILES\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A23E58.wma High 26/05/2013 23:55:57 Deleted Trojan program Trojan-Downloader.WMA.Wimad.o C:\OLD LAPTOP FILES\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A23E58.wma//CryptFF High
  8. AVG scan took about 2 seconds for full scan and produced nothing??? ESETS came back clean. Combofix and Malwarebytes reports follow... Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Rob :: ROB-TOSH [administrator] 26/05/2013 20:35:18 mbam-log-2013-05-26 (20-35-18).txt Scan type: Full scan (C:\|E:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 468549 Time elapsed: 50 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\n (Rootkit.Siredef) -> Quarantined and deleted successfully. C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end)ComboFix 13-05-24.01 - Rob 26/05/2013 18:31:36.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8152.6203 [GMT 1:00] Running from: c:\users\Rob\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\isRS-000.tmp . . ((((((((((((((((((((((((( Files Created from 2013-04-26 to 2013-05-26 ))))))))))))))))))))))))))))))) . . 2013-05-26 17:38 . 2013-05-26 17:38 -------- d-----w- c:\users\Rob\AppData\Local\temp 2013-05-26 17:38 . 2013-05-26 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-19 21:11 . 2013-05-19 21:11 -------- d-----w- C:\FRST 2013-05-15 17:30 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 17:30 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 17:30 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 17:30 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 17:30 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 17:30 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 17:30 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 17:30 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 17:30 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 17:30 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 17:30 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-16 16:55 . 2012-06-02 06:13 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 17:13 . 2012-02-17 02:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 17:13 . 2012-02-17 02:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 22:50 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-13 05:49 . 2013-05-15 17:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 17:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 17:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 17:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 17:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 17:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 11:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 13:50 . 2012-07-14 14:41 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-03 17:43 . 2013-04-03 17:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-04-03 17:43 . 2013-04-03 17:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2013-03-29 01:53 . 2013-03-29 01:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-03-22 18:45 . 2013-03-22 18:45 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-22 18:45 . 2013-03-22 18:45 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-22 18:45 . 2013-03-22 18:45 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-22 18:45 . 2013-03-22 18:45 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-22 18:45 . 2013-03-22 18:45 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-22 18:45 . 2013-03-22 18:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-22 18:45 . 2013-03-22 18:45 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-22 18:45 . 2013-03-22 18:45 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-22 18:45 . 2013-03-22 18:45 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-22 18:45 . 2013-03-22 18:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-22 18:45 . 2013-03-22 18:45 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-22 18:45 . 2013-03-22 18:45 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-22 18:45 . 2013-03-22 18:45 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-22 18:45 . 2013-03-22 18:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-22 18:45 . 2013-03-22 18:45 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-22 18:45 . 2013-03-22 18:45 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-22 18:45 . 2013-03-22 18:45 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-22 18:45 . 2013-03-22 18:45 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-22 18:45 . 2013-03-22 18:45 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-22 18:45 . 2013-03-22 18:45 441856 ----a-w- c:\windows\system32\html.iec 2013-03-22 18:45 . 2013-03-22 18:45 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-22 18:45 . 2013-03-22 18:45 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-22 18:45 . 2013-03-22 18:45 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-22 18:45 . 2013-03-22 18:45 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-22 18:45 . 2013-03-22 18:45 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-22 18:45 . 2013-03-22 18:45 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-22 18:45 . 2013-03-22 18:45 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-22 18:45 . 2013-03-22 18:45 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-22 18:45 . 2013-03-22 18:45 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-22 18:45 . 2013-03-22 18:45 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-22 18:45 . 2013-03-22 18:45 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-22 18:45 . 2013-03-22 18:45 235008 ----a-w- c:\windows\system32\url.dll 2013-03-22 18:45 . 2013-03-22 18:45 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-22 18:45 . 2013-03-22 18:45 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-22 18:45 . 2013-03-22 18:45 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-22 18:45 . 2013-03-22 18:45 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-22 18:45 . 2013-03-22 18:45 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-22 18:45 . 2013-03-22 18:45 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-22 18:45 . 2013-03-22 18:45 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-22 18:45 . 2013-03-22 18:45 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-22 18:45 . 2013-03-22 18:45 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-22 18:45 . 2013-03-22 18:45 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-22 18:45 . 2013-03-22 18:45 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-22 18:45 . 2013-03-22 18:45 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-22 18:45 . 2013-03-22 18:45 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-22 18:45 . 2013-03-22 18:45 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-22 18:45 . 2013-03-22 18:45 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-22 18:45 . 2013-03-22 18:45 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-22 18:45 . 2013-03-22 18:45 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-21 02:08 . 2013-03-21 02:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-03-19 06:04 . 2013-04-10 21:08 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 21:08 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 21:08 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 21:08 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 21:08 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 21:08 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-02-18 20:08 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-17 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168] "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-04-03 295512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104] Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-4-13 1492352] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176] R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1816968] R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-31 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-09 45168] S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 17:13] . 2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 02:24] . 2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 02:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824] "SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-02-06 2165120] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-02-17 150992] "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-26 18:39:54 ComboFix-quarantined-files.txt 2013-05-26 17:39 ComboFix2.txt 2013-05-24 19:51 . Pre-Run: 868,519,559,168 bytes free Post-Run: 868,170,743,808 bytes free . - - End Of File - - 73DD2E4F325FB879036E6B98C42BE410
  9. I've been doing a little digging to see if I could find traces of S-1-5-21-1064342506-1899143691-2716940641-1001 that AVG reported on finding the Trojan. Prior to my call for your help, I found that if I right click on files, properties>security, I found a few entries under 'group or user names' I didn't recognize. One being 'everyone' another being S-1-5-21. Then found the same S-1-5-21 string under 'computer management>system tools>task scheduler>task scheduler library' where it is associated with several 'Real Player' updates planned for when Rob logs on. Also, Malwarebytes popup is saying the database is outdated by 327 days??
  10. Hi Maniac, 2 entries were 'multiple threats', around half of the 16 were from a copy of the contents of my old hard drive (probably never even looked at since their creation), most were .exe files but can't give any more details unfortunately. Would it be any good if I revert to the restore point created when I ran Combofix and start again from there?
  11. Ran ESET and it found 16 threats (took a few hours), thought I had exported the results correctly but I must have done something wrong (half asleep) sorry.
  12. All completed without problems. ComboFix 13-05-24.01 - Rob 24/05/2013 20:43:09.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8152.6153 [GMT 1:00] Running from: c:\users\Rob\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Rob\AppData\Roaming\Microsoft\Windows\Recent\VideoLAN Website.url . . ((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 ))))))))))))))))))))))))))))))) . . 2013-05-24 19:48 . 2013-05-24 19:48 -------- d-----w- c:\users\Rob\AppData\Local\temp 2013-05-24 19:48 . 2013-05-24 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-19 21:11 . 2013-05-19 21:11 -------- d-----w- C:\FRST 2013-05-15 17:30 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 17:30 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 17:30 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 17:30 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 17:30 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 17:30 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 17:30 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 17:30 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 17:30 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 17:30 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 17:30 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-16 16:55 . 2012-06-02 06:13 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 17:13 . 2012-02-17 02:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 17:13 . 2012-02-17 02:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 22:50 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-13 05:49 . 2013-05-15 17:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 17:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 17:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 17:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 17:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 17:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 11:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-03 17:43 . 2013-04-03 17:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-04-03 17:43 . 2013-04-03 17:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2013-03-29 01:53 . 2013-03-29 01:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-03-22 18:45 . 2013-03-22 18:45 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-22 18:45 . 2013-03-22 18:45 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-22 18:45 . 2013-03-22 18:45 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-22 18:45 . 2013-03-22 18:45 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-22 18:45 . 2013-03-22 18:45 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-22 18:45 . 2013-03-22 18:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-22 18:45 . 2013-03-22 18:45 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-22 18:45 . 2013-03-22 18:45 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-22 18:45 . 2013-03-22 18:45 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-22 18:45 . 2013-03-22 18:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-22 18:45 . 2013-03-22 18:45 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-22 18:45 . 2013-03-22 18:45 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-22 18:45 . 2013-03-22 18:45 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-22 18:45 . 2013-03-22 18:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-22 18:45 . 2013-03-22 18:45 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-22 18:45 . 2013-03-22 18:45 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-22 18:45 . 2013-03-22 18:45 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-22 18:45 . 2013-03-22 18:45 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-22 18:45 . 2013-03-22 18:45 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-22 18:45 . 2013-03-22 18:45 441856 ----a-w- c:\windows\system32\html.iec 2013-03-22 18:45 . 2013-03-22 18:45 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-22 18:45 . 2013-03-22 18:45 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-22 18:45 . 2013-03-22 18:45 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-22 18:45 . 2013-03-22 18:45 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-22 18:45 . 2013-03-22 18:45 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-22 18:45 . 2013-03-22 18:45 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-22 18:45 . 2013-03-22 18:45 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-22 18:45 . 2013-03-22 18:45 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-22 18:45 . 2013-03-22 18:45 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-22 18:45 . 2013-03-22 18:45 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-22 18:45 . 2013-03-22 18:45 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-22 18:45 . 2013-03-22 18:45 235008 ----a-w- c:\windows\system32\url.dll 2013-03-22 18:45 . 2013-03-22 18:45 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-22 18:45 . 2013-03-22 18:45 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-22 18:45 . 2013-03-22 18:45 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-22 18:45 . 2013-03-22 18:45 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-22 18:45 . 2013-03-22 18:45 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-22 18:45 . 2013-03-22 18:45 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-22 18:45 . 2013-03-22 18:45 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-22 18:45 . 2013-03-22 18:45 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-22 18:45 . 2013-03-22 18:45 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-22 18:45 . 2013-03-22 18:45 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-22 18:45 . 2013-03-22 18:45 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-22 18:45 . 2013-03-22 18:45 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-22 18:45 . 2013-03-22 18:45 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-22 18:45 . 2013-03-22 18:45 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-22 18:45 . 2013-03-22 18:45 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-22 18:45 . 2013-03-22 18:45 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-22 18:45 . 2013-03-22 18:45 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-21 02:08 . 2013-03-21 02:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-03-19 06:04 . 2013-04-10 21:08 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 21:08 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 21:08 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 21:08 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 21:08 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 21:08 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-02-18 20:08 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-17 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-20 343168] "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-04-03 295512] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104] Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-4-13 1492352] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176] R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1816968] R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-31 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-20 235520] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-09 45168] S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] . . Contents of the 'Scheduled Tasks' folder . 2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 17:13] . 2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 02:24] . 2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 02:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824] "SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-02-06 2165120] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-02-17 150992] "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-24 20:51:00 ComboFix-quarantined-files.txt 2013-05-24 19:51 . Pre-Run: 859,365,986,304 bytes free Post-Run: 868,858,904,576 bytes free . - - End Of File - - 23E2AD66BE362C0A176DA39CB29AF65D
  13. no issues with windows restart. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-05-2013 Ran by SYSTEM at 2013-05-24 00:06:48 Run:2 Running from G:\ Boot Mode: Recovery ============================================== C:\Windows\assembly\GAC_32\Desktop.ini => File/Directory not found. C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully. C:\$Recycle.Bin\S-1-5-21-1064342506-1899143691-2716940641-1001\$4aa5e0f9f248a9e84b502c13be0defc1 => Moved successfully. ==== End of Fixlog ====
  14. Copy and paste left a space before the 2nd and 3rd entries, does this explain why only 1st entry is reported in fixlog? Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-05-2013 Ran by SYSTEM at 2013-05-23 22:40:33 Run:1 Running from G:\ Boot Mode: Recovery ============================================== C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully. ==== End of Fixlog ====
  15. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2013 Ran by SYSTEM on 23-05-2013 21:33:26 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] [x] HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-02-06] () HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation) HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-02-16] (Toshiba Europe GmbH) HKLM\...\Run: [snp2std] C:\windows\vsnp2std.exe [344064 2007-09-28] (Sonix) HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x] HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] () HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-04-03] (RealNetworks, Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\Rob\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-16] (Google Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Services (Whitelisted) ================= S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4936752 2013-04-25] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.) S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation) S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] () ==================== Drivers (Whitelisted) ==================== S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.) S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.) S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] () S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek) S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-23 12:23 - 2013-05-19 04:13 - 00021347 ____A C:\Users\Rob\Desktop\FRST.txt 2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST 2013-05-19 08:13 - 2013-05-19 08:13 - 00124832 ____A C:\Users\Rob\Desktop\bookmark.txt 2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt 2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt 2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt 2013-05-18 04:06 - 2013-05-18 04:05 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt 2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 _____ (Swearware) C:\Users\Rob\Desktop\dds.com 2013-05-18 03:37 - 2013-05-18 03:37 - 00000355 ____A C:\Users\Rob\Desktop\Computer - Shortcut.lnk 2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm 2013-05-16 12:32 - 2013-05-16 12:33 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe 2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI 2013-05-16 08:44 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-16 08:44 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-16 08:44 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-16 08:44 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-16 08:44 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 08:44 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-16 08:44 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-16 08:44 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-16 08:44 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-16 08:44 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 09:30 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-15 09:30 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-15 09:30 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-15 09:30 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-15 09:30 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-15 09:30 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-15 09:30 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-15 09:30 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-15 09:30 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-15 09:30 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 09:30 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-15 09:30 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 09:30 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-14 15:00 - 2013-05-14 15:40 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt 2013-04-24 03:46 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======= 2013-05-23 12:19 - 2012-08-30 10:09 - 00004914 ____A C:\Users\Rob\Desktop\T-Mobile.txt 2013-05-23 12:18 - 2012-02-16 18:24 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-23 12:18 - 2012-02-16 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-23 11:15 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-23 11:15 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-23 11:13 - 2012-06-05 10:54 - 00000000 ____D C:\ProgramData\MFAData 2013-05-23 11:08 - 2012-02-16 18:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-23 11:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-23 11:07 - 2009-07-13 20:51 - 00057694 ____A C:\Windows\setupact.log 2013-05-21 15:49 - 2012-06-10 14:06 - 00000000 ____D C:\Users\Rob\AppData\Roaming\SoftGrid Client 2013-05-19 14:28 - 2012-05-29 09:44 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Toshiba 2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST 2013-05-19 12:52 - 2012-06-07 14:07 - 00501816 ____A C:\Users\Rob\AppData\Roaming\mv.db 2013-05-19 10:58 - 2012-07-14 06:41 - 00001157 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-19 10:58 - 2012-07-14 06:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-19 08:44 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-05-19 08:13 - 2013-05-19 08:13 - 00124832 ____A C:\Users\Rob\Desktop\bookmark.txt 2013-05-19 04:13 - 2013-05-23 12:23 - 00021347 ____A C:\Users\Rob\Desktop\FRST.txt 2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt 2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt 2013-05-19 02:36 - 2009-07-13 21:13 - 00779998 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt 2013-05-18 04:05 - 2013-05-18 04:06 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt 2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 _____ (Swearware) C:\Users\Rob\Desktop\dds.com 2013-05-18 03:37 - 2013-05-18 03:37 - 00000355 ____A C:\Users\Rob\Desktop\Computer - Shortcut.lnk 2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm 2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\Local Settings\Application Data\Google 2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\AppData\Local\Google 2013-05-17 11:35 - 2012-10-09 15:28 - 00017273 ____A C:\Windows\System32\avgrep.txt 2013-05-17 10:03 - 2012-04-12 16:40 - 01712567 ____A C:\Windows\WindowsUpdate.log 2013-05-16 12:33 - 2013-05-16 12:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe 2013-05-16 09:17 - 2009-07-13 20:45 - 00292088 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI 2013-05-16 08:55 - 2012-06-01 22:13 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-15 15:11 - 2012-06-07 13:50 - 00000000 ____D C:\photos 2013-05-15 13:51 - 2012-06-10 07:50 - 02359320 ____A C:\snp2sxp-001.raw 2013-05-15 12:30 - 2013-04-13 02:01 - 00000000 ____D C:\Users\Rob\Desktop\550 HEXACOPTER 2013-05-15 12:24 - 2013-02-02 03:27 - 00000000 ____D C:\Program Files (x86)\APM Planner 2013-05-15 09:13 - 2012-02-16 18:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 09:13 - 2012-02-16 18:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-14 15:40 - 2013-05-14 15:00 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt 2013-05-14 14:55 - 2012-06-07 13:49 - 00002063 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-05-14 10:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-05-13 15:32 - 2012-09-20 13:34 - 00000000 ____D C:\Users\Rob\AppData\Roaming\vlc 2013-05-09 08:47 - 2012-10-05 09:29 - 00001009 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-05-08 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-04-28 05:43 - 2012-12-30 13:37 - 00000000 ____D C:\Users\Rob\Desktop\16 CAMERA 2013-04-25 09:29 - 2012-06-09 14:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-04-23 12:00 - 2013-04-11 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ZeroAccess: C:\$Recycle.Bin\S-1-5-21-1064342506-1899143691-2716940641-1001\$4aa5e0f9f248a9e84b502c13be0defc1 ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-11 21:25:49 Restore point made on: 2013-04-14 02:15:53 Restore point made on: 2013-04-21 15:15:47 Restore point made on: 2013-04-25 09:12:55 Restore point made on: 2013-05-14 10:25:08 Restore point made on: 2013-05-16 08:43:01 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8151.8 MB Available physical RAM: 7340.29 MB Total Pagefile: 8150 MB Available Pagefile: 7329.42 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: (TI30875400A) (Fixed) (Total:914.18 GB) (Free:797.44 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 932 GB) (Disk ID: 84621240) Partition 1: (Active) - (Size=1 GB) - (Type=27) Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16 GB) - (Type=17) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) Last Boot: 2013-05-14 10:17 ==================== End Of Log ============================
  16. Your help would be very much appreciated but with banking, ebay and such, I'd like to be as safe as possible. I probably haven't had the best protection from day 1 but that will change.
  17. Hi Maniac, I have done all that you advised and have borrowed a PC for now. As the infected PC is only a year old, I'd like, if feasible, to resurrect it. it's a Toshiba with Windows 7 in a partition but I have misplaced (thanks Mrs BigRob) the recovery disc. Is that partition still safe? Is it advisable to format and install without buying a new hard drive? Many thanks again for your help.
  18. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013 Ran by SYSTEM on 19-05-2013 13:11:53 Running from F:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] [x] HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-02-06] () HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation) HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-02-16] (Toshiba Europe GmbH) HKLM\...\Run: [snp2std] C:\windows\vsnp2std.exe [344064 2007-09-28] (Sonix) HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x] HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] () HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-04-03] (RealNetworks, Inc.) HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA) HKU\Rob\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-16] (Google Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Services (Whitelisted) ================= S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4936752 2013-04-25] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.) S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] () ==================== Drivers (Whitelisted) ==================== S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.) S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.) S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies) S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] () S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek) S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST 2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt 2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt 2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt 2013-05-18 04:06 - 2013-05-18 04:05 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt 2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____R (Swearware) C:\Users\Rob\Desktop\dds.com 2013-05-18 03:37 - 2013-05-18 03:37 - 00000355 ____A C:\Users\Rob\Desktop\Computer - Shortcut.lnk 2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm 2013-05-16 12:32 - 2013-05-16 12:33 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe 2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI 2013-05-16 08:44 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-16 08:44 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-16 08:44 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-16 08:44 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-16 08:44 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-16 08:44 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 08:44 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 08:44 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-16 08:44 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-16 08:44 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-16 08:44 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-16 08:44 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 09:30 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-15 09:30 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-15 09:30 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-15 09:30 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-15 09:30 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-15 09:30 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-15 09:30 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-15 09:30 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-15 09:30 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-15 09:30 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 09:30 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-15 09:30 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 09:30 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-14 15:00 - 2013-05-14 15:40 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt 2013-04-24 03:46 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-22 13:27 - 2013-04-22 13:27 - 00000000 ____D C:\Users\Rob\Desktop\SAT 2013-04-22 12:54 - 2013-04-22 12:54 - 00161348 ____A C:\Users\Rob\Downloads\IKS SettingsHD Spiderbox Usals.zip 2013-04-22 11:33 - 2013-04-22 11:33 - 03676888 ____A C:\Users\Public\Documents\312730501.zip ==================== One Month Modified Files and Folders ======= 2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST 2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt 2013-05-19 03:58 - 2012-02-16 18:24 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-19 03:58 - 2012-02-16 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt 2013-05-19 02:36 - 2009-07-13 21:13 - 00779998 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-19 02:35 - 2009-07-13 20:51 - 00057582 ____A C:\Windows\setupact.log 2013-05-19 00:59 - 2012-06-05 10:54 - 00000000 ____D C:\ProgramData\MFAData 2013-05-19 00:58 - 2012-02-16 18:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt 2013-05-18 04:05 - 2013-05-18 04:06 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt 2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____R (Swearware) C:\Users\Rob\Desktop\dds.com 2013-05-18 03:37 - 2013-05-18 03:37 - 00000355 ____A C:\Users\Rob\Desktop\Computer - Shortcut.lnk 2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm 2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\Local Settings\Application Data\Google 2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\AppData\Local\Google 2013-05-17 11:59 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-17 11:59 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-17 11:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-17 11:35 - 2012-10-09 15:28 - 00017273 ____A C:\Windows\System32\avgrep.txt 2013-05-17 10:03 - 2012-04-12 16:40 - 01712567 ____A C:\Windows\WindowsUpdate.log 2013-05-17 09:52 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-05-16 12:36 - 2012-07-14 06:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-16 12:34 - 2012-07-14 06:41 - 00001157 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-16 12:33 - 2013-05-16 12:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe 2013-05-16 09:17 - 2009-07-13 20:45 - 00292088 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI 2013-05-16 08:55 - 2012-06-01 22:13 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-15 15:11 - 2012-06-07 14:07 - 00501816 ____A C:\Users\Rob\AppData\Roaming\mv.db 2013-05-15 15:11 - 2012-06-07 13:50 - 00000000 ____D C:\photos 2013-05-15 13:51 - 2012-06-10 07:50 - 02359320 ____A C:\snp2sxp-001.raw 2013-05-15 12:30 - 2013-04-13 02:01 - 00000000 ____D C:\Users\Rob\Desktop\550 HEXACOPTER 2013-05-15 12:24 - 2013-02-02 03:27 - 00000000 ____D C:\Program Files (x86)\APM Planner 2013-05-15 09:13 - 2012-02-16 18:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 09:13 - 2012-02-16 18:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-14 15:40 - 2013-05-14 15:00 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt 2013-05-14 14:55 - 2012-06-07 13:49 - 00002063 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-05-14 10:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-05-13 15:32 - 2012-09-20 13:34 - 00000000 ____D C:\Users\Rob\AppData\Roaming\vlc 2013-05-09 08:47 - 2012-10-05 09:29 - 00001009 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-05-08 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-04-28 05:43 - 2012-12-30 13:37 - 00000000 ____D C:\Users\Rob\Desktop\16 CAMERA 2013-04-25 09:29 - 2012-06-09 14:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-04-23 12:00 - 2013-04-11 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-22 13:27 - 2013-04-22 13:27 - 00000000 ____D C:\Users\Rob\Desktop\SAT 2013-04-22 12:54 - 2013-04-22 12:54 - 00161348 ____A C:\Users\Rob\Downloads\IKS SettingsHD Spiderbox Usals.zip 2013-04-22 11:33 - 2013-04-22 11:33 - 03676888 ____A C:\Users\Public\Documents\312730501.zip 2013-04-21 15:17 - 2012-04-12 16:55 - 00046110 ____A C:\Windows\DPINST.LOG ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ZeroAccess: C:\$Recycle.Bin\S-1-5-21-1064342506-1899143691-2716940641-1001\$4aa5e0f9f248a9e84b502c13be0defc1 ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-11 21:25:49 Restore point made on: 2013-04-14 02:15:53 Restore point made on: 2013-04-21 15:15:47 Restore point made on: 2013-04-25 09:12:55 Restore point made on: 2013-05-14 10:25:08 Restore point made on: 2013-05-16 08:43:01 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8151.8 MB Available physical RAM: 7338.11 MB Total Pagefile: 8150 MB Available Pagefile: 7327.91 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (TI30875400A) (Fixed) (Total:914.18 GB) (Free:796.56 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] Drive f: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 932 GB) (Disk ID: 84621240) Partition 1: (Active) - (Size=1 GB) - (Type=27) Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16 GB) - (Type=17) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) Last Boot: 2013-05-14 10:17 ==================== End Of Log ============================
  19. Hi Maniac, I really appreciate your help. Malwarebytes doesn't find the culprit. My computer is becoming less and less usable. Start button doesn't show any recently used progs, I can't save any documents anywhere, roguekiller can't be downloaded to the desktop, my keyboard was changed to US from UK and I can't even use enter key to tab down to a new line here. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.19.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Rob :: ROB-TOSH [administrator] 19/05/2013 10:52:55 mbam-log-2013-05-19 (10-52-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229814 Time elapsed: 8 minute(s), 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  20. Sorry, I think I should have just pasted the results. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16576 Run by Rob at 13:04:07 on 2013-05-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8152.4392 [GMT 1:00] . AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\windows\system32\SearchIndexer.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\windows\system32\atieclxx.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Windows\vsnp2std.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\windows\system32\icacls.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{7638B6F8-F77C-41BD-992C-9DA70B3C3BEE} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{969B9A91-FBCE-46E5-ACAA-BAF02FDDC766} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{969B9A91-FBCE-46E5-ACAA-BAF02FDDC766}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe x64-Run: [snp2std] C:\windows\vsnp2std.exe x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? GamesAppService;GamesAppService R? SkypeUpdate;Skype Updater R? StkCMini;Syntek AVStream USB2.0 ATV R? TDEIO;TDEIO R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO) R? TsUsbFlt;TsUsbFlt R? TsUsbGD;Remote Desktop Generic USB Device R? WatAdminSvc;Windows Activation Technologies Service R? wlcrasvc;Windows Live Mesh remote connections service S? ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service S? AMD External Events Utility;AMD External Events Utility S? AtiHDAudioService;AMD Function Driver for HD Audio Service S? AVGIDSAgent;AVGIDSAgent S? AVGIDSDriver;AVGIDSDriver S? AVGIDSHA;AVGIDSHA S? Avgldx64;AVG AVI Loader Driver S? Avgloga;AVG Logging Driver S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield S? Avgrkx64;AVG Anti-Rootkit Driver S? Avgtdia;AVG TDI Driver S? avgtp;avgtp S? avgwd;AVG WatchDog S? BtFilter;Bluetooth LowerFilter Class Filter Driver S? cvhsvc;Client Virtualization Handler S? GFNEXSrv;GFNEX Service S? iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver S? iusb3hub;Intel® USB 3.0 Hub Driver S? iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver S? NAUpdate;Nero Update S? NBVol;Nero Backup Volume Filter Driver S? NBVolUp;Nero Backup Volume Upper Filter Driver S? PGEffect;Pangu effect driver S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader S? RTL8167;Realtek 8167 NT Driver S? Sftfs;Sftfs S? sftlist;Application Virtualization Client S? Sftplay;Sftplay S? Sftredir;Sftredir S? Sftvol;Sftvol S? sftvsa;Application Virtualization Service Agent S? TMachInfo;TMachInfo S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service S? TPCHSrv;TPCH Service S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver S? vToolbarUpdater14.2.0;vToolbarUpdater14.2.0 . =============== Created Last 30 ================ . 2013-05-15 17:30:46 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys 2013-05-15 17:30:45 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys 2013-05-15 17:30:24 1930752 ----a-w- C:\windows\System32\authui.dll 2013-05-15 17:30:23 70144 ----a-w- C:\windows\System32\appinfo.dll 2013-05-15 17:30:23 1796096 ----a-w- C:\windows\SysWow64\authui.dll 2013-05-15 17:30:23 111448 ----a-w- C:\windows\System32\consent.exe 2013-05-15 17:30:11 48640 ----a-w- C:\windows\System32\wwanprotdim.dll 2013-05-15 17:30:11 3153920 ----a-w- C:\windows\System32\win32k.sys 2013-05-15 17:30:11 230400 ----a-w- C:\windows\System32\wwansvc.dll 2013-04-24 11:46:37 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys . ==================== Find3M ==================== . 2013-05-15 17:13:23 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 17:13:23 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll 2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll 2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll 2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-04-04 13:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-04-03 17:43:49 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2013-04-03 17:43:49 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2013-03-29 01:53:48 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys 2013-03-21 02:08:24 240952 ----a-w- C:\windows\System32\drivers\avgtdia.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe 2013-02-18 20:08:32 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys . ============= FINISH: 13:05:53.62 ===============UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 29/05/2012 18:29:34 System Uptime: 18/05/2013 06:47:51 (7 hours ago) . Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1 Processor: Intel® Core i5-2450M CPU @ 2.50GHz | U3E1 | 775/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 914 GiB total, 796.905 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP101: 12/04/2013 06:25:33 - Windows Update RP102: 14/04/2013 11:15:40 - Windows Update RP103: 22/04/2013 00:15:36 - Installed Mission Planner RP104: 25/04/2013 18:12:42 - Windows Update RP105: 14/05/2013 19:24:14 - Scheduled Checkpoint RP106: 16/05/2013 17:42:43 - Windows Update . ==== Installed Programs ====================== . ABBYY FineReader 9.0 Sprint ActiveX-kontroll för fjärranslutningar för Windows Live Mesh Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) MUI Agatha Christie - Death on the Nile Aloha TriPeaks AMD APP SDK Runtime AMD Catalyst Install Manager ArcSoft ShowBiz Atheros Bluetooth Filter Driver Package Atheros Driver Installation Program AVG 2013 AVG Security Toolbar Basic Operation Guide EPSON SX440 Series BBC iPlayer Desktop Bejeweled 3 Bluetooth Stack for Windows by Toshiba Cake Mania Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe D3DX10 Digital microscope Download Navigator Epson Connect Printer Setup Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON Printer Finder EPSON Scan EPSON SX440 Series Printer Uninstall EpsonNet Print ESET Online Scanner v3 Google Chrome Google Toolbar for Internet Explorer Google Update Helper High-Definition Video Playback Insaniquarium Deluxe Intel® Management Engine Components Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Java Auto Updater Java 6 Update 30 Jewel Quest Solitaire 2 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime MicroCapture 2.0 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mission Planner Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery P.I. - The London Caper Nero 11 Essentials Nero 11 Kwik Themes Basic Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero BurnRights 11 Nero BurnRights 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi Network Guide EPSON SX440 Series Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler Premium Sound HD RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Skype™ 5.10 Synaptics Pointing Device Driver TOSHIBA Assist TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA PC Health Monitor TOSHIBA Places Icon Utility TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application u-center Ulead VideoStudio SE DVD Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App USB2.0 ATV USB2.0 Grabber User's Guide EPSON SX440 Series Virtual Villagers 4 - The Tree of Life Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 2.0.3 welcome WildTangent Games WildTangent Games App WildTangent Games App (Toshiba Games) Windows Driver Package - 3D Robotics (usbser) Ports (01/01/2012 1.0.0.0) Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.0) Windows Driver Package - DIYDrones (usbser) Ports (03/28/2013 1.6.2.0) Windows Driver Package - u-blox AG (ubloxusb) Ports (05/09/2012 1.2.0.6) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalleri Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX Control for Remote Connections Windows Live Meshin etäyhteyksien ActiveX-komponentti Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima WinZip 17.0 . ==== Event Viewer Messages From Past Week ======== . 17/05/2013 23:07:19, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Rob-TOSH\Rob SID (S-1-5-21-1064342506-1899143691-2716940641-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 17/05/2013 20:49:32, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 17/05/2013 19:07:54, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 17/05/2013 19:07:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 17/05/2013 19:07:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 17/05/2013 19:07:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 17/05/2013 19:07:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 17/05/2013 19:07:30, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Tosrfcom Wanarpv6 17/05/2013 19:07:30, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 17/05/2013 19:07:30, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning. 17/05/2013 19:05:31, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 15/05/2013 18:53:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service. 14/05/2013 23:59:38, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 14/05/2013 23:59:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 14/05/2013 23:59:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 14/05/2013 23:58:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Tosrfcom vwififlt Wanarpv6 WfpLwf 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 14/05/2013 23:58:41, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File ===========================
  21. Please help,, I'm infected with the Trojan Horse Generic29.ajge. I have run DDS (reports below) Many thanks Rob attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.