Please help me remove generic29.ajge

BigRob · May 18, 2013

Please help,, I'm infected with the Trojan Horse Generic29.ajge. I have run DDS (reports below) Many thanks Rob

attach.txt

dds.txt

BigRob · May 19, 2013

Sorry, I think I should have just pasted the results. DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576

Run by Rob at 13:04:07 on 2013-05-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8152.4392 [GMT 1:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\GFNEXSrv.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\windows\system32\atieclxx.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Windows\vsnp2std.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\windows\system32\icacls.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{7638B6F8-F77C-41BD-992C-9DA70B3C3BEE} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{969B9A91-FBCE-46E5-ACAA-BAF02FDDC766} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{969B9A91-FBCE-46E5-ACAA-BAF02FDDC766}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r

x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

x64-Run: [snp2std] C:\windows\vsnp2std.exe

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? GamesAppService;GamesAppService

R? SkypeUpdate;Skype Updater

R? StkCMini;Syntek AVStream USB2.0 ATV

R? TDEIO;TDEIO

R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)

R? TsUsbFlt;TsUsbFlt

R? TsUsbGD;Remote Desktop Generic USB Device

R? WatAdminSvc;Windows Activation Technologies Service

R? wlcrasvc;Windows Live Mesh remote connections service

S? ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service

S? AMD External Events Utility;AMD External Events Utility

S? AtiHDAudioService;AMD Function Driver for HD Audio Service

S? AVGIDSAgent;AVGIDSAgent

S? AVGIDSDriver;AVGIDSDriver

S? AVGIDSHA;AVGIDSHA

S? Avgldx64;AVG AVI Loader Driver

S? Avgloga;AVG Logging Driver

S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield

S? Avgrkx64;AVG Anti-Rootkit Driver

S? Avgtdia;AVG TDI Driver

S? avgtp;avgtp

S? avgwd;AVG WatchDog

S? BtFilter;Bluetooth LowerFilter Class Filter Driver

S? cvhsvc;Client Virtualization Handler

S? GFNEXSrv;GFNEX Service

S? iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver

S? iusb3hub;Intel® USB 3.0 Hub Driver

S? iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver

S? NAUpdate;Nero Update

S? NBVol;Nero Backup Volume Filter Driver

S? NBVolUp;Nero Backup Volume Upper Filter Driver

S? PGEffect;Pangu effect driver

S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service

S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader

S? RTL8167;Realtek 8167 NT Driver

S? Sftfs;Sftfs

S? sftlist;Application Virtualization Client

S? Sftplay;Sftplay

S? Sftredir;Sftredir

S? Sftvol;Sftvol

S? sftvsa;Application Virtualization Service Agent

S? TMachInfo;TMachInfo

S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service

S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service

S? TPCHSrv;TPCH Service

S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver

S? vToolbarUpdater14.2.0;vToolbarUpdater14.2.0

.

=============== Created Last 30 ================

.

2013-05-15 17:30:46 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2013-05-15 17:30:45 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

2013-05-15 17:30:24 1930752 ----a-w- C:\windows\System32\authui.dll

2013-05-15 17:30:23 70144 ----a-w- C:\windows\System32\appinfo.dll

2013-05-15 17:30:23 1796096 ----a-w- C:\windows\SysWow64\authui.dll

2013-05-15 17:30:23 111448 ----a-w- C:\windows\System32\consent.exe

2013-05-15 17:30:11 48640 ----a-w- C:\windows\System32\wwanprotdim.dll

2013-05-15 17:30:11 3153920 ----a-w- C:\windows\System32\win32k.sys

2013-05-15 17:30:11 230400 ----a-w- C:\windows\System32\wwansvc.dll

2013-04-24 11:46:37 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

.

==================== Find3M ====================

.

2013-05-15 17:13:23 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 17:13:23 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 13:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-04-03 17:43:49 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2013-04-03 17:43:49 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2013-03-29 01:53:48 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys

2013-03-21 02:08:24 240952 ----a-w- C:\windows\System32\drivers\avgtdia.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe

2013-02-18 20:08:32 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

.

============= FINISH: 13:05:53.62 ===============UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 29/05/2012 18:29:34

System Uptime: 18/05/2013 06:47:51 (7 hours ago)

.

Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | U3E1 | 775/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 914 GiB total, 796.905 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP101: 12/04/2013 06:25:33 - Windows Update

RP102: 14/04/2013 11:15:40 - Windows Update

RP103: 22/04/2013 00:15:36 - Installed Mission Planner

RP104: 25/04/2013 18:12:42 - Windows Update

RP105: 14/05/2013 19:24:14 - Scheduled Checkpoint

RP106: 16/05/2013 17:42:43 - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) MUI

Agatha Christie - Death on the Nile

Aloha TriPeaks

AMD APP SDK Runtime

AMD Catalyst Install Manager

ArcSoft ShowBiz

Atheros Bluetooth Filter Driver Package

Atheros Driver Installation Program

AVG 2013

AVG Security Toolbar

Basic Operation Guide EPSON SX440 Series

BBC iPlayer Desktop

Bejeweled 3

Bluetooth Stack for Windows by Toshiba

Cake Mania

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

D3DX10

Digital microscope

Download Navigator

Epson Connect Printer Setup

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON Printer Finder

EPSON Scan

EPSON SX440 Series Printer Uninstall

EpsonNet Print

ESET Online Scanner v3

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

High-Definition Video Playback

Insaniquarium Deluxe

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Java Auto Updater

Java 6 Update 30

Jewel Quest Solitaire 2

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

MicroCapture 2.0

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mission Planner

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Mystery P.I. - The London Caper

Nero 11 Essentials

Nero 11 Kwik Themes Basic

Nero BackItUp 11

Nero BackItUp 11 Help (CHM)

Nero Backup Drivers

Nero BurnRights 11

Nero BurnRights 11 Help (CHM)

Nero ControlCenter 11

Nero ControlCenter 11 Help (CHM)

Nero Core Components 11

Nero Express 11

Nero Express 11 Help (CHM)

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero RescueAgent 11

Nero RescueAgent 11 Help (CHM)

Nero Update

nero.prerequisites.msi

Network Guide EPSON SX440 Series

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

Polar Bowler

Premium Sound HD

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype™ 5.10

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA Disc Creator

TOSHIBA eco Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Manuals

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Online Product Information

TOSHIBA PC Health Monitor

TOSHIBA Places Icon Utility

TOSHIBA Recovery Media Creator

TOSHIBA Recovery Media Creator Reminder

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Supervisor Password

TOSHIBA TEMPRO

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

u-center

Ulead VideoStudio SE DVD

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

USB2.0 ATV

USB2.0 Grabber

User's Guide EPSON SX440 Series

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.3

welcome

WildTangent Games

WildTangent Games App

WildTangent Games App (Toshiba Games)

Windows Driver Package - 3D Robotics (usbser) Ports (01/01/2012 1.0.0.0)

Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.0)

Windows Driver Package - DIYDrones (usbser) Ports (03/28/2013 1.6.2.0)

Windows Driver Package - u-blox AG (ubloxusb) Ports (05/09/2012 1.2.0.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalleri

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

WinZip 17.0

.

==== Event Viewer Messages From Past Week ========

.

17/05/2013 23:07:19, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Rob-TOSH\Rob SID (S-1-5-21-1064342506-1899143691-2716940641-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

17/05/2013 20:49:32, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

17/05/2013 19:07:54, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

17/05/2013 19:07:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

17/05/2013 19:07:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

17/05/2013 19:07:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

17/05/2013 19:07:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

17/05/2013 19:07:30, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Tosrfcom Wanarpv6

17/05/2013 19:07:30, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

17/05/2013 19:07:30, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

17/05/2013 19:05:31, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

15/05/2013 18:53:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

14/05/2013 23:59:38, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

14/05/2013 23:59:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

14/05/2013 23:59:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

14/05/2013 23:58:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Tosrfcom vwififlt Wanarpv6 WfpLwf

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

14/05/2013 23:58:41, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Maniac · May 19, 2013

Hello Rob and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download on the desktop RogueKiller
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
RogueKiller log

BigRob · May 19, 2013

Hi Maniac, I really appreciate your help. Malwarebytes doesn't find the culprit. My computer is becoming less and less usable. Start button doesn't show any recently used progs, I can't save any documents anywhere, roguekiller can't be downloaded to the desktop, my keyboard was changed to US from UK and I can't even use enter key to tab down to a new line here. Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.19.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Rob :: ROB-TOSH [administrator]

19/05/2013 10:52:55

mbam-log-2013-05-19 (10-52-55).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 229814

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Maniac · May 19, 2013

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

BigRob · May 19, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013

Ran by SYSTEM on 19-05-2013 13:11:53

Running from F:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)

HKLM\...\Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-02-06] ()

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)

HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)

HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-02-16] (Toshiba Europe GmbH)

HKLM\...\Run: [snp2std] C:\windows\vsnp2std.exe [344064 2007-09-28] (Sonix)

HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()

HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)

HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-04-03] (RealNetworks, Inc.)

HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)

HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)

HKU\Rob\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-16] (Google Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk

ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk

ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4936752 2013-04-25] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)

S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)

S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)

S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)

S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)

S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)

S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)

S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)

S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] ()

S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)

S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST

2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt

2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt

2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt

2013-05-18 04:06 - 2013-05-18 04:05 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt

2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____R (Swearware) C:\Users\Rob\Desktop\dds.com

2013-05-18 03:37 - 2013-05-18 03:37 - 00000355 ____A C:\Users\Rob\Desktop\Computer - Shortcut.lnk

2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm

2013-05-16 12:32 - 2013-05-16 12:33 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe

2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI

2013-05-16 08:44 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 08:44 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 08:44 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 08:44 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 08:44 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 08:44 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-16 08:44 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 08:44 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 08:44 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-16 08:44 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-15 09:30 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 09:30 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 09:30 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 09:30 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 09:30 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 09:30 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 09:30 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 09:30 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 09:30 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 09:30 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 09:30 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 09:30 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 09:30 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-14 15:00 - 2013-05-14 15:40 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt

2013-04-24 03:46 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-22 13:27 - 2013-04-22 13:27 - 00000000 ____D C:\Users\Rob\Desktop\SAT

2013-04-22 12:54 - 2013-04-22 12:54 - 00161348 ____A C:\Users\Rob\Downloads\IKS SettingsHD Spiderbox Usals.zip

2013-04-22 11:33 - 2013-04-22 11:33 - 03676888 ____A C:\Users\Public\Documents\312730501.zip

==================== One Month Modified Files and Folders =======

2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST

2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt

2013-05-19 03:58 - 2012-02-16 18:24 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-19 03:58 - 2012-02-16 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt

2013-05-19 02:36 - 2009-07-13 21:13 - 00779998 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-19 02:35 - 2009-07-13 20:51 - 00057582 ____A C:\Windows\setupact.log

2013-05-19 00:59 - 2012-06-05 10:54 - 00000000 ____D C:\ProgramData\MFAData

2013-05-19 00:58 - 2012-02-16 18:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt

2013-05-18 04:05 - 2013-05-18 04:06 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt

2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____R (Swearware) C:\Users\Rob\Desktop\dds.com

2013-05-18 03:37 - 2013-05-18 03:37 - 00000355 ____A C:\Users\Rob\Desktop\Computer - Shortcut.lnk

2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm

2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\Local Settings\Application Data\Google

2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\AppData\Local\Google

2013-05-17 11:59 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-17 11:59 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-17 11:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-17 11:35 - 2012-10-09 15:28 - 00017273 ____A C:\Windows\System32\avgrep.txt

2013-05-17 10:03 - 2012-04-12 16:40 - 01712567 ____A C:\Windows\WindowsUpdate.log

2013-05-17 09:52 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-05-16 12:36 - 2012-07-14 06:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-16 12:34 - 2012-07-14 06:41 - 00001157 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-16 12:33 - 2013-05-16 12:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe

2013-05-16 09:17 - 2009-07-13 20:45 - 00292088 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI

2013-05-16 08:55 - 2012-06-01 22:13 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 15:11 - 2012-06-07 14:07 - 00501816 ____A C:\Users\Rob\AppData\Roaming\mv.db

2013-05-15 15:11 - 2012-06-07 13:50 - 00000000 ____D C:\photos

2013-05-15 13:51 - 2012-06-10 07:50 - 02359320 ____A C:\snp2sxp-001.raw

2013-05-15 12:30 - 2013-04-13 02:01 - 00000000 ____D C:\Users\Rob\Desktop\550 HEXACOPTER

2013-05-15 12:24 - 2013-02-02 03:27 - 00000000 ____D C:\Program Files (x86)\APM Planner

2013-05-15 09:13 - 2012-02-16 18:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 09:13 - 2012-02-16 18:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-14 15:40 - 2013-05-14 15:00 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt

2013-05-14 14:55 - 2012-06-07 13:49 - 00002063 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-05-14 10:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-13 15:32 - 2012-09-20 13:34 - 00000000 ____D C:\Users\Rob\AppData\Roaming\vlc

2013-05-09 08:47 - 2012-10-05 09:29 - 00001009 ____A C:\Users\Public\Desktop\AVG 2013.lnk

2013-05-08 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-04-28 05:43 - 2012-12-30 13:37 - 00000000 ____D C:\Users\Rob\Desktop\16 CAMERA

2013-04-25 09:29 - 2012-06-09 14:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-04-23 12:00 - 2013-04-11 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-04-22 13:27 - 2013-04-22 13:27 - 00000000 ____D C:\Users\Rob\Desktop\SAT

2013-04-22 12:54 - 2013-04-22 12:54 - 00161348 ____A C:\Users\Rob\Downloads\IKS SettingsHD Spiderbox Usals.zip

2013-04-22 11:33 - 2013-04-22 11:33 - 03676888 ____A C:\Users\Public\Documents\312730501.zip

2013-04-21 15:17 - 2012-04-12 16:55 - 00046110 ____A C:\Windows\DPINST.LOG

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-1064342506-1899143691-2716940641-1001\$4aa5e0f9f248a9e84b502c13be0defc1

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-11 21:25:49

Restore point made on: 2013-04-14 02:15:53

Restore point made on: 2013-04-21 15:15:47

Restore point made on: 2013-04-25 09:12:55

Restore point made on: 2013-05-14 10:25:08

Restore point made on: 2013-05-16 08:43:01

==================== Memory info ===========================

Percentage of memory in use: 9%

Total physical RAM: 8151.8 MB

Available physical RAM: 7338.11 MB

Total Pagefile: 8150 MB

Available Pagefile: 7327.91 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (TI30875400A) (Fixed) (Total:914.18 GB) (Free:796.56 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Drive f: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows Vista) (Size: 932 GB) (Disk ID: 84621240)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=16 GB) - (Type=17)

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

Last Boot: 2013-05-14 10:17

==================== End Of Log ============================

Maniac · May 19, 2013

I'm afraid I have bad news.

One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately you finish reading this post.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted.

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on Internet theft and when to reformat!

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions how to format and reinstall Windows can be found here

BigRob · May 22, 2013

Hi Maniac, I have done all that you advised and have borrowed a PC for now. As the infected PC is only a year old, I'd like, if feasible, to resurrect it. it's a Toshiba with Windows 7 in a partition but I have misplaced (thanks Mrs BigRob) the recovery disc. Is that partition still safe? Is it advisable to format and install without buying a new hard drive? Many thanks again for your help.

Maniac · May 22, 2013

You don't have to buy a new hard drive, just to format this one. If you want to proceed, I would help you, but I can't guarantee that it will be 100% secure afterwards.

BigRob · May 22, 2013

Your help would be very much appreciated but with banking, ebay and such, I'd like to be as safe as possible. I probably haven't had the best protection from day 1 but that will change.

Maniac · May 23, 2013

Immediately change all of your passwords from a clean computer and generate a new fresh FRST log file. Also, please contact your bank to explain them your situation.

BigRob · May 23, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2013

Ran by SYSTEM on 23-05-2013 21:33:26

Running from G:\