Hi

 

I recently downloaded and used Malwarebytes to remove Torpig.

 

It seemed to remove it successfully, and now when I run a scan I get the following log:

 

Database version: v2013.09.01.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Catherine Leetch :: CATHERINELEETCH [administrator]
 
1/09/2013 10:35:49 PM
mbam-log-2013-09-01 (22-35-49).txt
 
Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445975
Time elapsed: 1 hour(s), 49 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Before I ran Malwarebytes I got the following log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.28.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Catherine Leetch :: CATHERINELEETCH [administrator]
 
29/07/2013 4:59:36 PM
mbam-log-2013-07-29 (16-59-36).txt
 
Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 417604
Time elapsed: 2 hour(s), 10 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 1
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Delete on reboot.
 
Registry Keys Detected: 12
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Delete on reboot.
 
(end)
 
However, my ISP is still telling me that my machine is infected. I removed myself from the blacklist removal centre but I have been put back on there again.
 
I have also run TDSS Killer and got the following report:
 
15:56:59.0053 6876  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:57:00.0898 6876  ============================================================
15:57:00.0898 6876  Current date / time: 2013/09/02 15:57:00.0898
15:57:00.0898 6876  SystemInfo:
15:57:00.0898 6876  
15:57:00.0898 6876  OS Version: 6.1.7601 ServicePack: 1.0
15:57:00.0898 6876  Product type: Workstation
15:57:00.0898 6876  ComputerName: CATHERINELEETCH
15:57:00.0898 6876  UserName: Catherine Leetch
15:57:00.0898 6876  Windows directory: C:\windows
15:57:00.0898 6876  System windows directory: C:\windows
15:57:00.0898 6876  Processor architecture: Intel x86
15:57:00.0898 6876  Number of processors: 2
15:57:00.0898 6876  Page size: 0x1000
15:57:00.0898 6876  Boot type: Normal boot
15:57:00.0898 6876  ============================================================
15:57:01.0603 6876  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:57:01.0613 6876  ============================================================
15:57:01.0613 6876  \Device\Harddisk0\DR0:
15:57:01.0613 6876  MBR partitions:
15:57:01.0613 6876  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38AD0800
15:57:01.0613 6876  ============================================================
15:57:01.0638 6876  C: <-> \Device\Harddisk0\DR0\Partition1
15:57:01.0638 6876  ============================================================
15:57:01.0638 6876  Initialize success
15:57:01.0638 6876  ============================================================
15:58:01.0662 7776  ============================================================
15:58:01.0662 7776  Scan started
15:58:01.0662 7776  Mode: Manual; 
15:58:01.0662 7776  ============================================================
15:58:02.0447 7776  ================ Scan system memory ========================
15:58:02.0447 7776  System memory - ok
15:58:11.0156 7776  MpsSvc - ok
15:58:11.0201 7776  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
15:58:11.0201 7776  MRxDAV - ok
15:58:11.0236 7776  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:58:11.0236 7776  mrxsmb - ok
15:58:11.0286 7776  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
15:58:11.0291 7776  mrxsmb10 - ok
15:58:11.0306 7776  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
15:58:11.0306 7776  mrxsmb20 - ok
15:58:11.0346 7776  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
15:58:11.0346 7776  msahci - ok
15:58:11.0371 7776  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
15:58:11.0371 7776  msdsm - ok
15:58:11.0406 7776  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
15:58:11.0411 7776  MSDTC - ok
15:58:11.0451 7776  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:58:11.0451 7776  Msfs - ok
15:58:11.0456 7776  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
15:58:11.0456 7776  mshidkmdf - ok
15:58:11.0471 7776  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
15:58:11.0476 7776  msisadrv - ok
15:58:11.0496 7776  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
15:58:11.0501 7776  MSiSCSI - ok
15:58:11.0506 7776  msiserver - ok
15:58:11.0521 7776  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
15:58:11.0526 7776  MSKSSRV - ok
15:58:11.0541 7776  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:58:11.0546 7776  MSPCLOCK - ok
15:58:11.0556 7776  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
15:58:11.0556 7776  MSPQM - ok
15:58:11.0576 7776  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
15:58:11.0576 7776  MsRPC - ok
15:58:11.0616 7776  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
15:58:11.0621 7776  mssmbios - ok
15:58:11.0671 7776  MSSQL$MSSMLBIZ - ok
15:58:11.0726 7776  MSSQL$SQLEXPRESS - ok
15:58:11.0766 7776  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:58:11.0766 7776  MSSQLServerADHelper - ok
15:58:11.0796 7776  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
15:58:11.0801 7776  MSTEE - ok
15:58:11.0821 7776  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
15:58:11.0826 7776  MTConfig - ok
15:58:11.0841 7776  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
15:58:11.0841 7776  Mup - ok
15:58:11.0981 7776  [ D1012ACD7C3B5CECA8DE05B5AC176B4B ] MYOB AccountRight Library C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe
15:58:11.0981 7776  MYOB AccountRight Library - ok
15:58:12.0051 7776  [ 16429AE4EC1B97693C9BBAF17E35AAC8 ] MYOB AccountRight Server 2013.2 C:\Program Files\MYOB\AccountRight\2013.2\AU\Huxley.Server.WindowsService.exe
15:58:12.0056 7776  MYOB AccountRight Server 2013.2 - ok
15:58:12.0156 7776  [ 1DD630D80077C5967C1AFBB2181A5BC8 ] MYOB AccountRight Server 2013.3 C:\Program Files\MYOB\AccountRight\2013.3\AU\Huxley.Server.WindowsService.exe
15:58:12.0161 7776  MYOB AccountRight Server 2013.3 - ok
15:58:12.0221 7776  [ 6C440033C268CF9F00E302ECAB74D0D6 ] MYOB AccountRight Server Locator C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe
15:58:12.0221 7776  MYOB AccountRight Server Locator - ok
15:58:12.0271 7776  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
15:58:12.0276 7776  napagent - ok
15:58:12.0336 7776  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
15:58:12.0341 7776  NativeWifiP - ok
15:58:12.0381 7776  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\windows\system32\drivers\ndis.sys
15:58:12.0386 7776  NDIS - ok
15:58:12.0416 7776  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
15:58:12.0416 7776  NdisCap - ok
15:58:12.0451 7776  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
15:58:12.0451 7776  NdisTapi - ok
15:58:12.0506 7776  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
15:58:12.0506 7776  Ndisuio - ok
15:58:12.0541 7776  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
15:58:12.0541 7776  NdisWan - ok
15:58:12.0556 7776  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
15:58:12.0556 7776  NDProxy - ok
15:58:12.0591 7776  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
15:58:12.0596 7776  NetBIOS - ok
15:58:12.0636 7776  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
15:58:12.0641 7776  NetBT - ok
15:58:12.0651 7776  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
15:58:12.0656 7776  Netlogon - ok
15:58:12.0696 7776  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
15:58:12.0701 7776  Netman - ok
15:58:12.0761 7776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:58:12.0766 7776  NetMsmqActivator - ok
15:58:12.0786 7776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:58:12.0786 7776  NetPipeActivator - ok
15:58:12.0811 7776  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
15:58:12.0816 7776  netprofm - ok
15:58:12.0826 7776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:58:12.0826 7776  NetTcpActivator - ok
15:58:12.0836 7776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:58:12.0836 7776  NetTcpPortSharing - ok
15:58:13.0006 7776  [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32        C:\windows\system32\DRIVERS\NETw5s32.sys
15:58:13.0146 7776  NETw5s32 - ok
15:58:13.0256 7776  [ AF1AE2E42B03395560B1CDE03230205C ] netw5v32        C:\windows\system32\DRIVERS\netw5v32.sys
15:58:13.0336 7776  netw5v32 - ok
15:58:13.0376 7776  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
15:58:13.0381 7776  nfrd960 - ok
15:58:13.0416 7776  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
15:58:13.0421 7776  NlaSvc - ok
15:58:13.0436 7776  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
15:58:13.0436 7776  Npfs - ok
15:58:13.0456 7776  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
15:58:13.0461 7776  nsi - ok
15:58:13.0476 7776  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
15:58:13.0476 7776  nsiproxy - ok
15:58:13.0546 7776  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
15:58:13.0561 7776  Ntfs - ok
15:58:13.0586 7776  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
15:58:13.0586 7776  Null - ok
15:58:13.0626 7776  [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA           C:\windows\system32\drivers\nvhda32v.sys
15:58:13.0631 7776  NVHDA - ok
15:58:13.0846 7776  [ F484E314C710B9C297F9AB363FF74370 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
15:58:14.0018 7776  nvlddmkm - ok
15:58:14.0063 7776  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\windows\system32\drivers\nvraid.sys
15:58:14.0068 7776  nvraid - ok
15:58:14.0083 7776  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\windows\system32\drivers\nvstor.sys
15:58:14.0088 7776  nvstor - ok
15:58:14.0133 7776  [ 77E4618BAA5D786DF7CB993F1398EF97 ] nvsvc           C:\windows\system32\nvvsvc.exe
15:58:14.0138 7776  nvsvc - ok
15:58:14.0163 7776  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
15:58:14.0168 7776  nv_agp - ok
15:58:14.0273 7776  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:58:14.0278 7776  odserv - ok
15:58:14.0313 7776  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
15:58:14.0313 7776  ohci1394 - ok
15:58:14.0368 7776  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:58:14.0368 7776  ose - ok
15:58:14.0413 7776  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
15:58:14.0418 7776  p2pimsvc - ok
15:58:14.0438 7776  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
15:58:14.0448 7776  p2psvc - ok
15:58:14.0478 7776  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
15:58:14.0478 7776  Parport - ok
15:58:14.0518 7776  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
15:58:14.0518 7776  partmgr - ok
15:58:14.0533 7776  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
15:58:14.0538 7776  Parvdm - ok
15:58:14.0563 7776  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
15:58:14.0568 7776  PcaSvc - ok
15:58:14.0598 7776  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
15:58:14.0603 7776  pci - ok
15:58:14.0618 7776  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
15:58:14.0618 7776  pciide - ok
15:58:14.0638 7776  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
15:58:14.0643 7776  pcmcia - ok
15:58:14.0663 7776  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
15:58:14.0663 7776  pcw - ok
15:58:14.0693 7776  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
15:58:14.0698 7776  PEAUTH - ok
15:58:14.0738 7776  [ 1B5011DD8D57F53AED31FF0F7D635802 ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
15:58:14.0738 7776  PGEffect - ok
15:58:14.0803 7776  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
15:58:14.0823 7776  pla - ok
15:58:14.0878 7776  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
15:58:14.0888 7776  PlugPlay - ok
15:58:14.0918 7776  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
15:58:14.0923 7776  PNRPAutoReg - ok
15:58:14.0933 7776  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
15:58:14.0938 7776  PNRPsvc - ok
15:58:14.0993 7776  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
15:58:14.0998 7776  PolicyAgent - ok
15:58:15.0043 7776  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
15:58:15.0048 7776  Power - ok
15:58:15.0088 7776  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:58:15.0093 7776  PptpMiniport - ok
15:58:15.0113 7776  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
15:58:15.0113 7776  Processor - ok
15:58:15.0153 7776  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\windows\system32\profsvc.dll
15:58:15.0158 7776  ProfSvc - ok
15:58:15.0178 7776  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
15:58:15.0178 7776  ProtectedStorage - ok
15:58:15.0213 7776  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
15:58:15.0213 7776  Psched - ok
15:58:15.0263 7776  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
15:58:15.0278 7776  ql2300 - ok
15:58:15.0303 7776  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
15:58:15.0303 7776  ql40xx - ok
15:58:15.0328 7776  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
15:58:15.0338 7776  QWAVE - ok
15:58:15.0348 7776  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
15:58:15.0353 7776  QWAVEdrv - ok
15:58:15.0378 7776  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:58:15.0383 7776  RasAcd - ok
15:58:15.0413 7776  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
15:58:15.0418 7776  RasAgileVpn - ok
15:58:15.0428 7776  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
15:58:15.0433 7776  RasAuto - ok
15:58:15.0453 7776  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
15:58:15.0453 7776  Rasl2tp - ok
15:58:15.0503 7776  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
15:58:15.0513 7776  RasMan - ok
15:58:15.0523 7776  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:58:15.0528 7776  RasPppoe - ok
15:58:15.0543 7776  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
15:58:15.0548 7776  RasSstp - ok
15:58:15.0558 7776  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
15:58:15.0563 7776  rdbss - ok
15:58:15.0588 7776  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
15:58:15.0588 7776  rdpbus - ok
15:58:15.0628 7776  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
15:58:15.0628 7776  RDPCDD - ok
15:58:15.0653 7776  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
15:58:15.0658 7776  RDPENCDD - ok
15:58:15.0673 7776  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
15:58:15.0673 7776  RDPREFMP - ok
15:58:15.0718 7776  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
15:58:15.0723 7776  RDPWD - ok
15:58:15.0773 7776  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
15:58:15.0778 7776  rdyboost - ok
15:58:15.0803 7776  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
15:58:15.0808 7776  RemoteAccess - ok
15:58:15.0828 7776  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:58:15.0833 7776  RemoteRegistry - ok
15:58:15.0848 7776  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
15:58:15.0853 7776  RpcEptMapper - ok
15:58:15.0878 7776  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
15:58:15.0878 7776  RpcLocator - ok
15:58:15.0913 7776  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
15:58:15.0918 7776  RpcSs - ok
15:58:15.0953 7776  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
15:58:15.0953 7776  rspndr - ok
15:58:15.0993 7776  [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
15:58:15.0993 7776  RTL8167 - ok
15:58:16.0008 7776  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
15:58:16.0013 7776  SamSs - ok
15:58:16.0053 7776  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
15:58:16.0053 7776  sbp2port - ok
15:58:16.0088 7776  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
15:58:16.0098 7776  SCardSvr - ok
15:58:16.0138 7776  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
15:58:16.0143 7776  scfilter - ok
15:58:16.0198 7776  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
15:58:16.0213 7776  Schedule - ok
15:58:16.0253 7776  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
15:58:16.0253 7776  SCPolicySvc - ok
15:58:16.0303 7776  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\windows\system32\drivers\sdbus.sys
15:58:16.0308 7776  sdbus - ok
15:58:16.0323 7776  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
15:58:16.0328 7776  SDRSVC - ok
15:58:16.0348 7776  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
15:58:16.0353 7776  secdrv - ok
15:58:16.0373 7776  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
15:58:16.0378 7776  seclogon - ok
15:58:16.0398 7776  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\system32\sens.dll
15:58:16.0403 7776  SENS - ok
15:58:16.0408 7776  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
15:58:16.0418 7776  SensrSvc - ok
15:58:16.0438 7776  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
15:58:16.0438 7776  Serenum - ok
15:58:16.0453 7776  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
15:58:16.0453 7776  Serial - ok
15:58:16.0498 7776  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
15:58:16.0498 7776  sermouse - ok
15:58:16.0543 7776  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
15:58:16.0553 7776  SessionEnv - ok
15:58:16.0583 7776  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
15:58:16.0588 7776  sffdisk - ok
15:58:16.0608 7776  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
15:58:16.0608 7776  sffp_mmc - ok
15:58:16.0618 7776  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
15:58:16.0623 7776  sffp_sd - ok
15:58:16.0658 7776  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
15:58:16.0663 7776  sfloppy - ok
15:58:16.0698 7776  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:58:16.0703 7776  SharedAccess - ok
15:58:16.0733 7776  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:58:16.0738 7776  ShellHWDetection - ok
15:58:16.0778 7776  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
15:58:16.0783 7776  sisagp - ok
15:58:16.0813 7776  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
15:58:16.0813 7776  SiSRaid2 - ok
15:58:16.0838 7776  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
15:58:16.0838 7776  SiSRaid4 - ok
15:58:16.0913 7776  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:58:16.0913 7776  SkypeUpdate - ok
15:58:16.0963 7776  [ 9D819137BBDEE71F4241706ACF80FBE1 ] SMARTMouseFilterx86 C:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys
15:58:16.0963 7776  SMARTMouseFilterx86 - ok
15:58:16.0983 7776  [ 2D362731FAC8440E9D3A43F5D1DAE280 ] SMARTVHidMini2000x86 C:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
15:58:16.0983 7776  SMARTVHidMini2000x86 - ok
15:58:17.0003 7776  [ CB07B494D60A0F31B12B01DEE0FB251F ] SMARTVTabletPCx86 C:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys
15:58:17.0003 7776  SMARTVTabletPCx86 - ok
15:58:17.0048 7776  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
15:58:17.0048 7776  Smb - ok
15:58:17.0093 7776  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
15:58:17.0098 7776  SNMPTRAP - ok
15:58:17.0103 7776  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
15:58:17.0108 7776  spldr - ok
15:58:17.0148 7776  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\windows\System32\spoolsv.exe
15:58:17.0158 7776  Spooler - ok
15:58:17.0233 7776  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
15:58:17.0303 7776  sppsvc - ok
15:58:17.0343 7776  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
15:58:17.0348 7776  sppuinotify - ok
15:58:17.0388 7776  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:58:17.0393 7776  SQLBrowser - ok
15:58:17.0423 7776  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:58:17.0423 7776  SQLWriter - ok
15:58:17.0473 7776  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
15:58:17.0478 7776  srv - ok
15:58:17.0508 7776  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
15:58:17.0513 7776  srv2 - ok
15:58:17.0523 7776  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
15:58:17.0528 7776  srvnet - ok
15:58:17.0553 7776  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:58:17.0563 7776  SSDPSRV - ok
15:58:17.0578 7776  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
15:58:17.0583 7776  SstpSvc - ok
15:58:17.0608 7776  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
15:58:17.0608 7776  stexstor - ok
15:58:17.0673 7776  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
15:58:17.0683 7776  StiSvc - ok
15:58:17.0728 7776  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
15:58:17.0733 7776  swenum - ok
15:58:17.0778 7776  [ C4FAE11714250D65B721A8D3037BBA67 ] swg3kser00      C:\windows\system32\DRIVERS\swg3kser00.sys
15:58:17.0783 7776  swg3kser00 - ok
15:58:17.0793 7776  [ 1A279C2F69F4F6CCDE1D15EC1D7EE862 ] swiwdmbx        C:\windows\system32\DRIVERS\swiwdmbx.sys
15:58:17.0798 7776  swiwdmbx - ok
15:58:17.0823 7776  [ 1D394F1585793AC2A9738028FF97FBE3 ] SWNC8UA3        C:\windows\system32\DRIVERS\swnc8ua3.sys
15:58:17.0823 7776  SWNC8UA3 - ok
15:58:17.0863 7776  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
15:58:17.0868 7776  swprv - ok
15:58:17.0918 7776  [ 3F4982DE07D89A1084861E9D59F7EBB1 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
15:58:17.0918 7776  SynTP - ok
15:58:17.0983 7776  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
15:58:17.0998 7776  SysMain - ok
15:58:18.0038 7776  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
15:58:18.0043 7776  TabletInputService - ok
15:58:18.0079 7776  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
15:58:18.0089 7776  TapiSrv - ok
15:58:18.0114 7776  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
15:58:18.0119 7776  TBS - ok
15:58:18.0184 7776  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
15:58:18.0199 7776  Tcpip - ok
15:58:18.0254 7776  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:58:18.0264 7776  TCPIP6 - ok
15:58:18.0316 7776  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:58:18.0321 7776  tcpipreg - ok
15:58:18.0356 7776  [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
15:58:18.0356 7776  tdcmdpst - ok
15:58:18.0391 7776  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
15:58:18.0391 7776  TDPIPE - ok
15:58:18.0421 7776  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
15:58:18.0426 7776  TDTCP - ok
15:58:18.0471 7776  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
15:58:18.0471 7776  tdx - ok
15:58:18.0601 7776  [ D53118C165AE5D188632B6CDEEE82A1B ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
15:58:18.0691 7776  TeamViewer8 - ok
15:58:18.0736 7776  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
15:58:18.0736 7776  TermDD - ok
15:58:18.0796 7776  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
15:58:18.0806 7776  TermService - ok
15:58:18.0836 7776  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
15:58:18.0846 7776  Themes - ok
15:58:18.0871 7776  [ 9528F2A39CB660A49F0592D57127F370 ] Thpdrv          C:\windows\system32\DRIVERS\thpdrv.sys
15:58:18.0871 7776  Thpdrv - ok
15:58:18.0911 7776  [ E17DCDE74FF00CA802643B4A9A4A4A5C ] Thpevm          C:\windows\system32\DRIVERS\Thpevm.SYS
15:58:18.0911 7776  Thpevm - ok
15:58:18.0946 7776  [ B8A7C3F812791A73147B6CC2380432EC ] Thpsrv          C:\windows\system32\ThpSrv.exe
15:58:18.0956 7776  Thpsrv - ok
15:58:18.0976 7776  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
15:58:18.0981 7776  THREADORDER - ok
15:58:19.0046 7776  [ F120967184A27E927052E8DDBB727851 ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:58:19.0051 7776  TMachInfo - ok
15:58:19.0077 7776  [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv         C:\windows\system32\TODDSrv.exe
15:58:19.0082 7776  TODDSrv - ok
15:58:19.0137 7776  [ 451B09BA1A0D019BA0B5A27229559D55 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:58:19.0147 7776  TosCoSrv - ok
15:58:19.0197 7776  [ AC88D258F20909EEB91796F490CFBB73 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
15:58:19.0202 7776  TOSHIBA Bluetooth Service - ok
15:58:19.0242 7776  [ 613E6D8B0A572C5347A1088A1D2B5785 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
15:58:19.0242 7776  TOSHIBA eco Utility Service - ok
15:58:19.0272 7776  [ 94ECABE1BA3559214FE6C3CE6C9677EB ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
15:58:19.0272 7776  TOSHIBA HDD SSD Alert Service - ok
15:58:19.0282 7776  Tosrfcom - ok
15:58:19.0327 7776  [ 9EE240F7029771B21CC6200BE6516D60 ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys
15:58:19.0332 7776  tosrfec - ok
15:58:19.0362 7776  [ 969377943FE7284609BABBAB4E06B93C ] tos_sps32       C:\windows\system32\DRIVERS\tos_sps32.sys
15:58:19.0367 7776  tos_sps32 - ok
15:58:19.0417 7776  [ 31D2881B0647F2B09B118B9B50C02888 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
15:58:19.0422 7776  TPCHSrv - ok
15:58:19.0447 7776  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
15:58:19.0457 7776  TrkWks - ok
15:58:19.0512 7776  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:58:19.0517 7776  TrustedInstaller - ok
15:58:19.0557 7776  [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
15:58:19.0562 7776  tssecsrv - ok
15:58:19.0607 7776  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
15:58:19.0607 7776  TsUsbFlt - ok
15:58:19.0667 7776  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:58:19.0672 7776  tunnel - ok
15:58:19.0717 7776  [ FC24015B4052600C324C43E3A79C0664 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
15:58:19.0722 7776  TVALZ - ok
15:58:19.0742 7776  [ 866462F5AE3F375EF83EF9DCE436031C ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
15:58:19.0747 7776  TVALZFL - ok
15:58:19.0767 7776  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
15:58:19.0767 7776  uagp35 - ok
15:58:19.0792 7776  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
15:58:19.0797 7776  udfs - ok
15:58:19.0837 7776  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
15:58:19.0842 7776  UI0Detect - ok
15:58:19.0872 7776  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
15:58:19.0872 7776  uliagpkx - ok
15:58:19.0917 7776  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
15:58:19.0917 7776  umbus - ok
15:58:19.0942 7776  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
15:58:19.0942 7776  UmPass - ok
15:58:19.0972 7776  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
15:58:19.0982 7776  upnphost - ok
15:58:20.0017 7776  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
15:58:20.0022 7776  USBAAPL - ok
15:58:20.0032 7776  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
15:58:20.0037 7776  usbccgp - ok
15:58:20.0062 7776  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
15:58:20.0062 7776  usbcir - ok
15:58:20.0097 7776  [ CFBCE999C057D78979A181C9C60F208E ] usbehci         C:\windows\system32\drivers\usbehci.sys
15:58:20.0102 7776  usbehci - ok
15:58:20.0122 7776  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\windows\system32\drivers\usbhub.sys
15:58:20.0127 7776  usbhub - ok
15:58:20.0142 7776  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\windows\system32\drivers\usbohci.sys
15:58:20.0147 7776  usbohci - ok
15:58:20.0172 7776  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:58:20.0177 7776  usbprint - ok
15:58:20.0207 7776  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
15:58:20.0207 7776  usbscan - ok
15:58:20.0247 7776  [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
15:58:20.0252 7776  USBSTOR - ok
15:58:20.0272 7776  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
15:58:20.0272 7776  usbuhci - ok
15:58:20.0302 7776  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
15:58:20.0307 7776  usbvideo - ok
15:58:20.0342 7776  [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx      C:\windows\system32\DRIVERS\usb8023x.sys
15:58:20.0347 7776  usb_rndisx - ok
15:58:20.0367 7776  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
15:58:20.0372 7776  UxSms - ok
15:58:20.0387 7776  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
15:58:20.0392 7776  VaultSvc - ok
15:58:20.0442 7776  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
15:58:20.0442 7776  vdrvroot - ok
15:58:20.0497 7776  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
15:58:20.0507 7776  vds - ok
15:58:20.0532 7776  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
15:58:20.0537 7776  vga - ok
15:58:20.0552 7776  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
15:58:20.0552 7776  VgaSave - ok
15:58:20.0572 7776  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
15:58:20.0577 7776  vhdmp - ok
15:58:20.0607 7776  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
15:58:20.0612 7776  viaagp - ok
15:58:20.0617 7776  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
15:58:20.0617 7776  ViaC7 - ok
15:58:20.0652 7776  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
15:58:20.0657 7776  viaide - ok
15:58:20.0677 7776  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
15:58:20.0677 7776  volmgr - ok
15:58:20.0712 7776  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
15:58:20.0717 7776  volmgrx - ok
15:58:20.0732 7776  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
15:58:20.0732 7776  volsnap - ok
15:58:20.0762 7776  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
15:58:20.0762 7776  vsmraid - ok
15:58:20.0822 7776  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
15:58:20.0837 7776  VSS - ok
15:58:20.0867 7776  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
15:58:20.0872 7776  vwifibus - ok
15:58:20.0902 7776  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
15:58:20.0907 7776  vwififlt - ok
15:58:20.0947 7776  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
15:58:20.0952 7776  W32Time - ok
15:58:20.0977 7776  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
15:58:20.0982 7776  WacomPen - ok
15:58:21.0007 7776  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:58:21.0007 7776  WANARP - ok
15:58:21.0012 7776  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:58:21.0017 7776  Wanarpv6 - ok
15:58:21.0117 7776  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
15:58:21.0132 7776  WatAdminSvc - ok
15:58:21.0187 7776  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
15:58:21.0207 7776  wbengine - ok
15:58:21.0232 7776  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:58:21.0242 7776  WbioSrvc - ok
15:58:21.0287 7776  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
15:58:21.0297 7776  wcncsvc - ok
15:58:21.0312 7776  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:58:21.0317 7776  WcsPlugInService - ok
15:58:21.0347 7776  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
15:58:21.0347 7776  Wd - ok
15:58:21.0372 7776  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:58:21.0377 7776  Wdf01000 - ok
15:58:21.0407 7776  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:58:21.0412 7776  WdiServiceHost - ok
15:58:21.0417 7776  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
15:58:21.0422 7776  WdiSystemHost - ok
15:58:21.0462 7776  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
15:58:21.0472 7776  WebClient - ok
15:58:21.0492 7776  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:58:21.0502 7776  Wecsvc - ok
15:58:21.0522 7776  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
15:58:21.0527 7776  wercplsupport - ok
15:58:21.0547 7776  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
15:58:21.0552 7776  WerSvc - ok
15:58:21.0587 7776  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
15:58:21.0587 7776  WfpLwf - ok
15:58:21.0607 7776  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
15:58:21.0607 7776  WIMMount - ok
15:58:21.0682 7776  [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:58:21.0692 7776  WinDefend - ok
15:58:21.0717 7776  WinHttpAutoProxySvc - ok
15:58:21.0772 7776  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
15:58:21.0772 7776  Winmgmt - ok
15:58:21.0842 7776  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
15:58:21.0862 7776  WinRM - ok
15:58:21.0922 7776  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
15:58:21.0922 7776  WinUsb - ok
15:58:21.0967 7776  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
15:58:21.0982 7776  Wlansvc - ok
15:58:22.0022 7776  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
15:58:22.0022 7776  WmiAcpi - ok
15:58:22.0062 7776  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
15:58:22.0062 7776  wmiApSrv - ok
15:58:22.0147 7776  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:58:22.0162 7776  WMPNetworkSvc - ok
15:58:22.0182 7776  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
15:58:22.0192 7776  WPCSvc - ok
15:58:22.0222 7776  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
15:58:22.0232 7776  WPDBusEnum - ok
15:58:22.0252 7776  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
15:58:22.0252 7776  ws2ifsl - ok
15:58:22.0267 7776  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\system32\wscsvc.dll
15:58:22.0272 7776  wscsvc - ok
15:58:22.0277 7776  WSearch - ok
15:58:22.0352 7776  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
15:58:22.0382 7776  wuauserv - ok
15:58:22.0392 7776  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
15:58:22.0397 7776  WudfPf - ok
15:58:22.0442 7776  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
15:58:22.0447 7776  WUDFRd - ok
15:58:22.0482 7776  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
15:58:22.0487 7776  wudfsvc - ok
15:58:22.0512 7776  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
15:58:22.0522 7776  WwanSvc - ok
15:58:22.0557 7776  ================ Scan global ===============================
15:58:22.0572 7776  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
15:58:22.0614 7776  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
15:58:22.0629 7776  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
15:58:22.0659 7776  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
15:58:22.0684 7776  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
15:58:22.0694 7776  [Global] - ok
15:58:22.0694 7776  ================ Scan MBR ==================================
15:58:22.0709 7776  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
15:58:22.0894 7776  \Device\Harddisk0\DR0 - ok
15:58:22.0894 7776  ================ Scan VBR ==================================
15:58:22.0909 7776  [ 1E4F67C78E115B91643D203FC0544B24 ] \Device\Harddisk0\DR0\Partition1
15:58:22.0909 7776  \Device\Harddisk0\DR0\Partition1 - ok
15:58:22.0909 7776  ============================================================
15:58:22.0909 7776  Scan finished
15:58:22.0909 7776  ============================================================
15:58:22.0929 6068  Detected object count: 0
15:58:22.0929 6068  Actual detected object count: 0
 
 
 
Thank you in advance for your help.

 

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Hi Psychotic

 

Thanks for your help.

 

Here are the posts for DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16660
Run by Catherine Leetch at 17:57:46 on 2013-09-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.3037.1849 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\nvvsvc.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\windows\system32\lxbfcoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MYOB\AccountRight\2013.2\AU\Huxley.Server.WindowsService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\msdtc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe
C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe
C:\Program Files\MYOB\AccountRight\2013.3\AU\Huxley.Server.WindowsService.exe
C:\windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: CIEDownload Object: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [iTSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [TUSBSleepChargeSrv] c:\program files\toshiba\toshiba usb sleep and charge utility\TUSBSleepChargeSrv.exe
mRun: [smartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [sMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
mRun: [sMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\cather~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{00D757B5-E6E9-49C5-AB34-7C86FD7CC9BD} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{54B18B37-1054-491A-85CF-555026CB8E40} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{9F1C02D5-980E-4194-B039-D7988E0A984F} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9F1C02D5-980E-4194-B039-D7988E0A984F}\07F636B6564777966696D256934693 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9F1C02D5-980E-4194-B039-D7988E0A984F}\55C64796D6164756D213733324 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{A1A18156-0900-4813-A509-D22740665892} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\catherine leetch\appdata\roaming\mozilla\firefox\profiles\gnlkm8zn.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-08-01 18:06; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-1 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-1 175176]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-1 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-1 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-1 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-1 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-1 46808]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
R2 MYOB AccountRight Library;MYOB AccountRight Library;c:\program files\myob\accountright\servers\Huxley.Library.WindowsService.exe [2013-8-7 17752]
R2 MYOB AccountRight Server 2013.2;MYOB AccountRight Server 2013.2;c:\program files\myob\accountright\2013.2\au\Huxley.Server.WindowsService.exe [2013-6-12 15192]
R2 MYOB AccountRight Server 2013.3;MYOB AccountRight Server 2013.3;c:\program files\myob\accountright\2013.3\au\Huxley.Server.WindowsService.exe [2013-8-7 15192]
R2 MYOB AccountRight Server Locator;MYOB AccountRight Server Locator;c:\program files\myob\accountright\servers\Huxley.ServerLocator.WindowsService.exe [2013-8-7 16216]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-7-29 4308320]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [2009-5-20 11776]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [2008-4-25 5632]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-10-9 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-9 167936]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2010-6-15 11048]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2010-6-15 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2010-6-15 13440]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-9 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-9-28 19456]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-1 116136]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-15 4231680]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2012-1-18 214400]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2012-1-18 83968]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2012-1-18 208128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]
.
=============== Created Last 30 ================
.
2013-09-02 07:52:57 -------- d-----w- c:\users\catherine leetch\appdata\local\Adobe
2013-08-26 00:08:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-26 00:08:11 -------- d-----w- c:\program files\iTunes
2013-08-26 00:08:11 -------- d-----w- c:\program files\iPod
2013-08-15 06:37:59 -------- d-----w- C:\OutlookBackup15Aug13
2013-08-14 17:10:32 -------- d-----w- c:\windows\system32\MRT
2013-08-14 09:56:52 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 09:56:49 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 09:56:49 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 09:56:49 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 09:56:49 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 09:56:42 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 09:56:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 09:56:40 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 09:56:32 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 09:56:28 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 09:56:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 09:56:20 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
==================== Find3M  ====================
.
2013-08-01 08:07:26 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-01 08:07:26 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-05 07:38:26 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-17 22:56:30 47104 ----a-w- c:\windows\system32\Wh2Robo.dll
2013-06-17 22:56:30 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:58:28.28 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 26/12/2009 12:00:18 PM
System Uptime: 22/08/2013 7:17:07 PM (262 hours ago)
.
Motherboard: TOSHIBA |  | KSKAA
Processor: Intel® Core2 Duo CPU     T6600  @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 333.604 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP199: 9/08/2013 12:00:05 AM - Scheduled Checkpoint
RP200: 13/08/2013 5:10:00 PM - Windows Modules Installer
RP201: 15/08/2013 3:00:32 AM - Windows Update
RP202: 22/08/2013 3:50:31 PM - Scheduled Checkpoint
RP203: 26/08/2013 10:55:30 AM - Installed MYOB AccountRight Plus 2013.3 AU
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Bejeweled 2 Deluxe 1.1
Bing Bar
Bluetooth Stack for Windows by Toshiba
Bonjour
Business Contact Manager for Outlook 2007 SP2
Canon Easy-WebPrint EX
Canon MF Toolbox 4.9.1.1.mf09
Canon MF4320-4350
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
Click to Call with Skype
COP
Creative Memories StoryBook Creator Plus 3 (Australia/New Zealand)
Direct DiscRecorder
Dolby Control Center
DVD MovieFactory for TOSHIBA
EasyBits GO
ENE CIR Receiver Driver
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDMI Control Manager
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Update
I.R.I.S. OCR
iCloud
Intel® Matrix Storage Manager
iTunes
Java 6 Update 14
JMicron Flash Media Controller Driver
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Junior Plugin
Lexmark X6100 Series
Malwarebytes Anti-Malware version 1.75.0.1300
Marketsplash Shortcuts
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 4.0 SP1 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework 2.1 Core Components (x86) ENU 
Microsoft Sync Framework 2.1 Database Providers (x86) ENU 
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MYOB AccountRight Basics 2011 AU
MYOB AccountRight Plus 2013.2 AU
MYOB AccountRight Plus 2013.3 AU
MYOB AccountRight Plus v19.9
MYOB ODBC Direct v10 AUS
Norton Internet Security
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Opera Mail 1.0
ParetoLogic DriverCure
Photo Story 3 for Windows
PlayReady PC Runtime x86
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype™ 5.10
SMART Notebook
SMART Product Drivers
Synaptics Pointing Device Driver
TeamViewer 8
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Remote Control Manager
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Utility Common Driver
VitalSource Bookshelf
WildTangent Games
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================
 

 

I have reached the following error when I try to use GMER Rootkit scanner

 

503z2m6d.exe - No Disk

 

There is no disk in the drive. Please insert a disk into drive \Device\Harddisk1\DR6.

 

Thanks again for your help.

 

Gareth


GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-02 19:16:34

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB

Running: 503z2m6d.exe; Driver: C:\Users\CATHER~1\AppData\Local\Temp\pxlcyuod.sys

 

 

---- System - GMER 2.1 ----

 

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x90B38610]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x91A1F5FA]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAssignProcessToJobObject [0x90B390E6]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x90B44F18]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x90B44F64]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x90B450FE]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x90B44E86]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0x91A1F992]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x90B44ECE]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThread [0x90B395E4]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThreadEx [0x90B39800]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x90B450B8]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDebugActiveProcess [0x90B39E9C]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x90B38676]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDuplicateObject [0x90B3D596]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x91A1F6C2]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwLoadDriver [0x91A1DC12]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x90B386DC]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x90B3D98C]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x90B3A92C]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x90B44F42]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x90B44F86]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x90B45122]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x90B44EAC]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenProcess [0x90B3CE78]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x90B45036]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x90B44EF6]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenThread [0x90B3D26E]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x90B450DC]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x91A1F822]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x90B3A7F8]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueueApcThreadEx [0x90B3A506]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x90B38742]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x90B387A8]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetContextThread [0x90B39D16]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x90B382F8]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x90B384CE]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x90B3845C]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendProcess [0x90B3A066]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendThread [0x90B3A1C8]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x90B38556]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwTerminateProcess [0x91A1F8EA]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwTerminateThread [0x90B39CF6]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwUnloadDriver [0x91A1DC42]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x90B3880E]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x91A1F76E]

 

INT 0x01        \??\C:\Users\CATHER~1\AppData\Local\Temp\mbr.sys                                       A91E9C42

 

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x91A38E00]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

 

---- Devices - GMER 2.1 ----

 

Device          \FileSystem\Ntfs \Ntfs                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Udp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice  \FileSystem\fastfat \Fat                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- EOF - GMER 2.1 ----

 

GMER finished


Nothing to see here...

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Hi Psychotic

 

It found the following threats:

 

C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application

C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application

C:\Users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Installr\Cache\00B26480.exe a variant of Win32/Toolbar.MyWebSearch.O application

C:\Users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00021219.exe a variant of Win32/Toolbar.MyWebSearch.K application

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


ComboFix 13-09-02.02 - Catherine Leetch 03/09/2013   0:29.3.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.3037.1738 [GMT 10:00]

Running from: c:\users\Catherine Leetch\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-02 to 2013-09-02  )))))))))))))))))))))))))))))))

.

.

2013-09-02 14:38 . 2013-09-02 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-02 10:26 . 2013-09-02 10:26 -------- d-----w- c:\program files\ESET

2013-09-02 07:52 . 2013-09-02 07:52 -------- d-----w- c:\users\Catherine Leetch\AppData\Local\Adobe

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\program files\iTunes

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\program files\iPod

2013-08-15 06:37 . 2013-08-15 07:49 -------- d-----w- C:\OutlookBackup15Aug13

2013-08-14 17:10 . 2013-08-14 17:13 -------- d-----w- c:\windows\system32\MRT

2013-08-14 09:56 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 09:56 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 09:56 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 09:56 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 09:56 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 09:56 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 09:56 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 09:56 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 09:56 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 09:56 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-14 09:56 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 09:56 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-01 08:07 . 2013-08-01 08:07 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-01 08:07 . 2013-08-01 08:07 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-01 08:07 . 2013-08-01 08:07 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-05 07:40 . 2013-07-05 07:40 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-05 07:40 . 2013-07-05 07:40 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-05 07:40 . 2013-07-05 07:40 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-05 07:40 . 2013-07-05 07:40 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-07-05 07:40 . 2013-07-05 07:40 523264 ----a-w- c:\windows\system32\vbscript.dll

2013-07-05 07:40 . 2013-07-05 07:40 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-05 07:40 . 2013-07-05 07:40 38400 ----a-w- c:\windows\system32\imgutil.dll

2013-07-05 07:40 . 2013-07-05 07:40 361984 ----a-w- c:\windows\system32\html.iec

2013-07-05 07:40 . 2013-07-05 07:40 23040 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-05 07:40 . 2013-07-05 07:40 185344 ----a-w- c:\windows\system32\elshyph.dll

2013-07-05 07:40 . 2013-07-05 07:40 158720 ----a-w- c:\windows\system32\msls31.dll

2013-07-05 07:40 . 2013-07-05 07:40 150528 ----a-w- c:\windows\system32\iexpress.exe

2013-07-05 07:40 . 2013-07-05 07:40 1441280 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-05 07:40 . 2013-07-05 07:40 138752 ----a-w- c:\windows\system32\wextract.exe

2013-07-05 07:40 . 2013-07-05 07:40 137216 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-05 07:40 . 2013-07-05 07:40 12800 ----a-w- c:\windows\system32\mshta.exe

2013-07-05 07:40 . 2013-07-05 07:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-05 07:38 . 2013-07-05 07:38 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 906240 ----a-w- c:\windows\system32\FntCache.dll

2013-07-05 07:38 . 2013-07-05 07:38 604160 ----a-w- c:\windows\system32\d3d10level9.dll

2013-07-05 07:38 . 2013-07-05 07:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-07-05 07:38 . 2013-07-05 07:38 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-07-05 07:38 . 2013-07-05 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 3419136 ----a-w- c:\windows\system32\d2d1.dll

2013-07-05 07:38 . 2013-07-05 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 293376 ----a-w- c:\windows\system32\dxgi.dll

2013-07-05 07:38 . 2013-07-05 07:38 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 249856 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-07-05 07:38 . 2013-07-05 07:38 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-07-05 07:38 . 2013-07-05 07:38 220160 ----a-w- c:\windows\system32\d3d10core.dll

2013-07-05 07:38 . 2013-07-05 07:38 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-07-05 07:38 . 2013-07-05 07:38 1988096 ----a-w- c:\windows\system32\d3d10warp.dll

2013-07-05 07:38 . 2013-07-05 07:38 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2013-07-05 07:38 . 2013-07-05 07:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-07-05 07:38 . 2013-07-05 07:38 1504768 ----a-w- c:\windows\system32\d3d11.dll

2013-07-05 07:38 . 2013-07-05 07:38 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-05 07:38 . 2013-07-05 07:38 1158144 ----a-w- c:\windows\system32\XpsPrint.dll

2013-07-05 07:38 . 2013-07-05 07:38 1080832 ----a-w- c:\windows\system32\d3d10.dll

2013-07-05 07:38 . 2013-07-05 07:38 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-17 22:56 . 2013-06-17 22:56 47104 ----a-w- c:\windows\system32\Wh2Robo.dll

2013-06-17 22:56 . 2013-06-17 22:56 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL

2013-06-05 03:05 . 2013-07-11 00:08 2347520 ----a-w- c:\windows\system32\win32k.sys

2012-01-29 15:55 . 2012-02-04 02:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 01:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-03 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-08-03 832856]

"TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]

"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-04-01 298616]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-15 152392]

.

c:\users\Catherine Leetch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-09-28 19456]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-01 116136]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]

R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [2011-03-10 214400]

R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx.sys [2011-04-04 83968]

R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2011-03-03 208128]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]

S2 MYOB AccountRight Library;MYOB AccountRight Library;c:\program files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [2013-08-07 17752]

S2 MYOB AccountRight Server 2013.2;MYOB AccountRight Server 2013.2;c:\program files\MYOB\AccountRight\2013.2\AU\Huxley.Server.WindowsService.exe [2013-06-12 15192]

S2 MYOB AccountRight Server 2013.3;MYOB AccountRight Server 2013.3;c:\program files\MYOB\AccountRight\2013.3\AU\Huxley.Server.WindowsService.exe [2013-08-07 15192]

S2 MYOB AccountRight Server Locator;MYOB AccountRight Server Locator;c:\program files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [2013-08-07 16216]

S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-08-07 4308320]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]

S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 11776]

S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-06-15 11048]

S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-06-15 14120]

S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-06-15 13440]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 20209524

*NewlyCreated* - PXLCYUOD

*Deregistered* - 20209524

*Deregistered* - pxlcyuod

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-30 08:37 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-01 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2013-01-25 21:32]

.

2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 05:54]

.

2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 05:54]

.

2013-09-02 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2013-06-06 19:45]

.

2013-08-22 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]

.

2013-08-28 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]

.

.

------- Supplementary Scan -------

.


IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Catherine Leetch\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkm8zn.default\

FF - ExtSQL: 2013-08-01 18:06; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-03  00:39:32

ComboFix-quarantined-files.txt  2013-09-02 14:39

ComboFix2.txt  2013-08-01 05:53

ComboFix3.txt  2013-08-01 05:27

.

Pre-Run: 357,739,286,528 bytes free

Post-Run: 357,602,189,312 bytes free

.

- - End Of File - - F5EEACC9446A38D2719B91649B3F9D14

5B5E648D12FCADC244C1EC30318E1EB9

Hi Psychotic

 

I am not sure if this helps but I thought I would give you some more info about the problem I am having...

 

When emails are sent from MS Outlook 2007 I get an error. It is error 0x00CCC0F. Connection Refused xxx.xxx.xxx.xxx is listed on Exploits Block List. Please visit www.spamhaus.org/xbl for more information.

 

I can remove myself from the spamhaus website but I want to know I have removed this malware first.

 

When I visit spamhaus this is the information they give me on the malware...

 

IP Address xxx.xxx.xxx.xxx is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2013-09-01 10:00 GMT (+/- 30 minutes), approximately 2 days, 17 hours ago.

It has been relisted following a previous removal at 2013-08-01 06:20 GMT (33 days, 20 hours, 11 minutes ago)

 

This IP address is infected with, or is NATting for a machine infected with Torpig, also known by Symantec as Anserin.

 

The infection was detected by observing this IP address attempting to make contact to a Torpig Command and Control server (C&C), a central server used by the criminals to control computers infected with Torpig (bots).

 

Torpig is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.).

 

If you are running Windows XP, Torpig was likely dropped by Mebroot. Mebroot is a Rootkit that installs itself into the MBR (Master Boot Record). If you are running a newer Windows operating system, Torpig has been likely dropped by a second Trojan such as Andromeda/Gamarue or similar malware droppers.

 

With Mebroot or any other rootkit that installs itself into the MBR, you will either have to use a "MBR cleaner" or reformat the drive completely - even if you manage to remove Torpig, the MBR infection will cause it to be reinfected again.

 

The best way to find the machine responsible for this listing is to look for connections to the Torpig C&C sinkhole. This detection was made through a connection to "xxx.xxx.xxx.xxx" on port "80" TCP. This detection corresponds to a connection at 2013-09-01 09:44:59 (GMT - this timestamp is believed accurate to within one second).

 

You can try Kaspersky's TDSSKiller Antirootkit Utility to get this infection detected/removed. However, we strongly recommend that you completely re-install your operating system to get this infection removed permanently.

 

These infections are rated as a "severe threat" by Microsoft. It is a trojan downloader, and can download and execute ANY software on the infected computer.

You will need to find and eradicate the infection before delisting the IP address.

 

We strongly recommend that you DO NOT simply firewall off connections to the sinkhole IP addresses given above. Those IP addresses are of sinkholes operated by malware researchers. In other words, it's a "sensor" (only) run by "the good guys". The bot "thinks" it's a command and control server run by the spambot operators but it isn't. It DOES NOT actually download anything, and is not a threat.

 

If you firewall the sinkhole addresses, your IPs will remain infected, and they will STILL be delivering your users/customers personal information, including banking information to the criminal bot operators.

 

If you do choose to firewall these IPs, PLEASE instrument your firewall to tell you which internal machine is connecting to them so that you can identify the infected machine yourself and fix it.

 

We are enhancing the instructions on how to find these infections, and more information will be given here as it becomes available.

 

Virtually all detections made by the CBL are of infections that do NOT leave any "tracks" for you to find in your mail server logs. This is even more important for the viruses described here - these detections are made on network-level detections of malicious behaviour and may NOT involve malicious email being sent.

 

This means: if you have port 25 blocking enabled, do not take this as indication that your port 25 blocking isn't working.

 

The links above may help you find this infection. You can also consult Advanced Techniques for other options and alternatives. NOTE: the Advanced Techniques link focuses on finding port 25(SMTP) traffic. With "sinkhole malware" detections such as this listing, we aren't detecting port 25 traffic, we're detecting traffic on other ports. Therefore, when reading Advanced Techniques, you will need to consider all ports, not just SMTP.

 

Pay very close attention: Most of these trojans have extremely poor detection rates in current Anti-Virus software. For example, Ponmocup is only detected by 3 out of 49 AV tools queried at Virus Total.

 

Thus: having your anti-virus software not find anything doesn't prove that you're not infected.

 

While we regret having to say this, downloaders will generally download many different malicious payloads. Even if an Anti-Virus product finds and removes the direct threat, they will not have detected or removed the other malicious payloads. For that reason, we recommend recloning the machine - meaning: reformatting the disks on the infected machine, and re-installing all software from known-good sources.

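The CBL advice quoted in the post above (look for connections to the sinkhole on any port, and have the firewall report which internal machine made them) can be sketched as a search over gateway logs. This is an added example, not part of the original thread; the log format, the 192.0.2.80 stand-in for the redacted sinkhole address, the internal host addresses and the function names are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Placeholder from the documentation range 192.0.2.0/24; the listing's real
# sinkhole address is redacted on the page.
SINKHOLE_IP = "192.0.2.80"
# Detection time quoted in the listing, which is given in GMT.
DETECTED_AT = datetime(2013, 9, 1, 9, 44, 59, tzinfo=timezone.utc)

# Constructed sample log in an assumed format:
#   <ISO-8601 time with UTC offset> <action> <proto> <src>:<sport> -> <dst>:<dport>
# The gateway logs in local time (+10:00), as the scanned PC does.
SAMPLE_LOG = """\
2013-09-01T19:44:10+10:00 ACCEPT TCP 192.168.0.12:50112 -> 198.51.100.7:443
2013-09-01T19:44:58+10:00 ACCEPT TCP 192.168.0.23:49213 -> 192.0.2.80:80
2013-09-01T19:45:03+10:00 ACCEPT UDP 192.168.0.23:53110 -> 192.168.0.1:53
2013-09-01T20:15:41+10:00 ACCEPT TCP 192.168.0.23:49377 -> 192.0.2.80:80
2013-09-01T20:16:02+10:00 ACCEPT TCP 192.168.0.31:51020 -> 198.51.100.25:25
this line is malformed and must be skipped
2013-09-02T07:02:19+10:00 DROP TCP 192.168.0.23:49502 -> 192.0.2.80:8080
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s*$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it cannot be trusted."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    if ts.tzinfo is None:
        # A timestamp without an offset cannot be compared to a GMT listing.
        return None
    return {
        "ts": ts,
        "action": m["action"],
        "proto": m["proto"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def find_sinkhole_clients(lines, sinkhole_ip, detected_at,
                          skew=timedelta(minutes=2)):
    """Group connections to the sinkhole by internal source address.

    Every destination port is considered, not only 25 or 80, and blocked
    (DROP) attempts count too: a firewalled bot is still an infected machine.
    `skew` allows for clock drift between the gateway and the sinkhole.
    """
    hosts = defaultdict(
        lambda: {"hits": 0, "ports": set(), "matches_listing": False}
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"] != sinkhole_ip:
            continue
        entry = hosts[rec["src"]]
        entry["hits"] += 1
        entry["ports"].add((rec["proto"], rec["dport"]))
        # Aware datetimes compare correctly across different UTC offsets.
        if abs(rec["ts"] - detected_at) <= skew:
            entry["matches_listing"] = True
    return dict(hosts)


if __name__ == "__main__":
    found = find_sinkhole_clients(SAMPLE_LOG.splitlines(), SINKHOLE_IP, DETECTED_AT)
    for host, info in sorted(found.items()):
        print(host, info["hits"], sorted(info["ports"]), info["matches_listing"])
```

A host flagged with `matches_listing` is the one whose connection produced the listing; hosts that appear without the flag have still contacted the sinkhole and need the same cleanup.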

Sorry, but I'm a volunteer in here and I can reply within my free time only.

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Scan with aswMBR


Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply


Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

CFScript.txt


ComboFix 13-09-02.02 - Catherine Leetch 04/09/2013  17:25:14.4.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.3037.1198 [GMT 10:00]

Running from: c:\users\Catherine Leetch\Downloads\ComboFix.exe

Command switches used :: c:\users\Catherine Leetch\Downloads\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

FILE ::

"c:\program files\Windows Live\Messenger\msimg32.dll"

"c:\program files\Windows Live\Messenger\riched20.dll"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Installr\Cache\00B26480.exe

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Installr\Cache\files.ini

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Shared\Cache\WebfettiBtn.html

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\000144AD

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00021219.exe

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\000C40C7

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3A5E3

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3E801.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3ED1F.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3F02B.bmp

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3F327.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117EAA1.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117F387.bmp

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117F599.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117F710.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\History\search3

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\8_step1.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkez.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkgr.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkgs.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bklf.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkrg.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzc.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzl.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzn.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzq.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzr.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzu.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzv.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzw.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn2d.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn2r.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn3d.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn3r.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\center.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\index.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\mid_dots.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\protect.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4b.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4c.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shield.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shocked.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\stop.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systray.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systrayp.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\tp_grad.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\warn.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Settings\s_FeatCk.dat

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-04 to 2013-09-04  )))))))))))))))))))))))))))))))

.

.

2013-09-04 07:36 . 2013-09-04 07:36 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-09-04 07:36 . 2013-09-04 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-02 10:26 . 2013-09-02 10:26 -------- d-----w- c:\program files\ESET

2013-09-02 07:52 . 2013-09-03 04:24 -------- d-----w- c:\users\Catherine Leetch\AppData\Local\Adobe

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\program files\iTunes

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\program files\iPod

2013-08-15 06:37 . 2013-08-15 07:49 -------- d-----w- C:\OutlookBackup15Aug13

2013-08-14 17:10 . 2013-08-14 17:13 -------- d-----w- c:\windows\system32\MRT

2013-08-14 09:56 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 09:56 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 09:56 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 09:56 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 09:56 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 09:56 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 09:56 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 09:56 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 09:56 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 09:56 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-14 09:56 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 09:56 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-01 08:07 . 2013-08-01 08:07 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-01 08:07 . 2013-08-01 08:07 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-01 08:07 . 2013-08-01 08:07 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-05 07:40 . 2013-07-05 07:40 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-05 07:40 . 2013-07-05 07:40 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-05 07:40 . 2013-07-05 07:40 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-05 07:40 . 2013-07-05 07:40 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-07-05 07:40 . 2013-07-05 07:40 523264 ----a-w- c:\windows\system32\vbscript.dll

2013-07-05 07:40 . 2013-07-05 07:40 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-05 07:40 . 2013-07-05 07:40 38400 ----a-w- c:\windows\system32\imgutil.dll

2013-07-05 07:40 . 2013-07-05 07:40 361984 ----a-w- c:\windows\system32\html.iec

2013-07-05 07:40 . 2013-07-05 07:40 23040 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-05 07:40 . 2013-07-05 07:40 185344 ----a-w- c:\windows\system32\elshyph.dll

2013-07-05 07:40 . 2013-07-05 07:40 158720 ----a-w- c:\windows\system32\msls31.dll

2013-07-05 07:40 . 2013-07-05 07:40 150528 ----a-w- c:\windows\system32\iexpress.exe

2013-07-05 07:40 . 2013-07-05 07:40 1441280 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-05 07:40 . 2013-07-05 07:40 138752 ----a-w- c:\windows\system32\wextract.exe

2013-07-05 07:40 . 2013-07-05 07:40 137216 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-05 07:40 . 2013-07-05 07:40 12800 ----a-w- c:\windows\system32\mshta.exe

2013-07-05 07:40 . 2013-07-05 07:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-05 07:38 . 2013-07-05 07:38 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 906240 ----a-w- c:\windows\system32\FntCache.dll

2013-07-05 07:38 . 2013-07-05 07:38 604160 ----a-w- c:\windows\system32\d3d10level9.dll

2013-07-05 07:38 . 2013-07-05 07:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-07-05 07:38 . 2013-07-05 07:38 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-07-05 07:38 . 2013-07-05 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 3419136 ----a-w- c:\windows\system32\d2d1.dll

2013-07-05 07:38 . 2013-07-05 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 293376 ----a-w- c:\windows\system32\dxgi.dll

2013-07-05 07:38 . 2013-07-05 07:38 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 249856 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-07-05 07:38 . 2013-07-05 07:38 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-07-05 07:38 . 2013-07-05 07:38 220160 ----a-w- c:\windows\system32\d3d10core.dll

2013-07-05 07:38 . 2013-07-05 07:38 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-07-05 07:38 . 2013-07-05 07:38 1988096 ----a-w- c:\windows\system32\d3d10warp.dll

2013-07-05 07:38 . 2013-07-05 07:38 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2013-07-05 07:38 . 2013-07-05 07:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-07-05 07:38 . 2013-07-05 07:38 1504768 ----a-w- c:\windows\system32\d3d11.dll

2013-07-05 07:38 . 2013-07-05 07:38 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-05 07:38 . 2013-07-05 07:38 1158144 ----a-w- c:\windows\system32\XpsPrint.dll

2013-07-05 07:38 . 2013-07-05 07:38 1080832 ----a-w- c:\windows\system32\d3d10.dll

2013-07-05 07:38 . 2013-07-05 07:38 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-17 22:56 . 2013-06-17 22:56 47104 ----a-w- c:\windows\system32\Wh2Robo.dll

2013-06-17 22:56 . 2013-06-17 22:56 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL

2012-01-29 15:55 . 2012-02-04 02:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 01:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-03 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-08-03 832856]

"TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]

"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-04-01 298616]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-15 152392]

.

c:\users\Catherine Leetch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-09-28 19456]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-01 116136]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]

R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [2011-03-10 214400]

R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx.sys [2011-04-04 83968]

R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2011-03-03 208128]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]

S2 MYOB AccountRight Library;MYOB AccountRight Library;c:\program files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [2013-08-07 17752]

S2 MYOB AccountRight Server 2013.2;MYOB AccountRight Server 2013.2;c:\program files\MYOB\AccountRight\2013.2\AU\Huxley.Server.WindowsService.exe [2013-06-12 15192]

S2 MYOB AccountRight Server 2013.3;MYOB AccountRight Server 2013.3;c:\program files\MYOB\AccountRight\2013.3\AU\Huxley.Server.WindowsService.exe [2013-08-07 15192]

S2 MYOB AccountRight Server Locator;MYOB AccountRight Server Locator;c:\program files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [2013-08-07 16216]

S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-08-07 4308320]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]

S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 11776]

S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-06-15 11048]

S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-06-15 14120]

S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-06-15 13440]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 20209524

*NewlyCreated* - PXLCYUOD

*Deregistered* - 20209524

*Deregistered* - pxlcyuod

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-30 08:37 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-01 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2013-01-25 21:32]

.

2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 05:54]

.

2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 05:54]

.

2013-09-03 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2013-06-06 19:45]

.

2013-08-22 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]

.

2013-09-04 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]

.

.

------- Supplementary Scan -------

.


IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Catherine Leetch\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkm8zn.default\

FF - ExtSQL: 2013-08-01 18:06; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-04  17:38:18

ComboFix-quarantined-files.txt  2013-09-04 07:38

ComboFix2.txt  2013-09-02 14:39

ComboFix3.txt  2013-08-01 05:53

ComboFix4.txt  2013-08-01 05:27

.

Pre-Run: 357,187,948,544 bytes free

Post-Run: 357,172,359,168 bytes free

.

- - End Of File - - 580B97559B2C4DFED226993CDEDA98C0

5B5E648D12FCADC244C1EC30318E1EB9


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-09-05 00:46:38

-----------------------------

00:46:38.628    OS Version: Windows 6.1.7601 Service Pack 1

00:46:38.628    Number of processors: 2 586 0x170A

00:46:38.628    ComputerName: CATHERINELEETCH  UserName: 

00:46:40.355    Initialize success

00:46:41.490    AVAST engine defs: 13090400

00:47:21.015    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

00:47:21.020    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3

00:47:21.225    Disk 0 MBR read successfully

00:47:21.235    Disk 0 MBR scan

00:47:21.235    Disk 0 Windows VISTA default MBR code

00:47:21.260    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048

00:47:21.290    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       464289 MB offset 3074048

00:47:21.335    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        11150 MB offset 953937920

00:47:21.350    Disk 0 scanning sectors +976773120

00:47:21.965    Disk 0 scanning C:\windows\system32\drivers

00:47:50.088    Service scanning

00:48:20.536    Modules scanning

00:48:50.035    Disk 0 trace - called modules:

00:48:50.075    ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll iaStor.sys 

00:48:50.085    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x878b4ac8]

00:48:50.115    3 CLASSPNP.SYS[8bdbf59e] -> nt!IofCallDriver -> \Device\THPDRV1[0x878b3030]

00:48:50.140    5 thpdrv.sys[8c1e399f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86a69028]

00:48:51.029    AVAST engine scan C:\

04:27:25.193    Scan finished successfully

11:05:25.240    Disk 0 MBR has been saved successfully to "C:\Users\Catherine Leetch\Desktop\MBR.dat"

11:05:25.274    The log file has been saved successfully to "C:\Users\Catherine Leetch\Desktop\aswMBR.txt"

 

 

All completed psychotic. Hope this helps.

 

Thank you.

 

Gareth


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


# AdwCleaner v3.002 - Report created 06/09/2013 at 00:01:05

# Updated 01/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : Catherine Leetch - CATHERINELEETCH

# Running from : C:\Users\Catherine Leetch\Downloads\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found C:\Program Files\Common Files\ParetoLogic

Folder Found C:\Program Files\ParetoLogic

Folder Found C:\ProgramData\DriverCure

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic

Folder Found C:\ProgramData\ParetoLogica

Folder Found C:\ProgramData\Partner

Folder Found C:\Users\Catherine Leetch\AppData\Roaming\DriverCure

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\alot

Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller

Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Product Found : Google Update Helper

Value Found : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v10.0 (en-US)

 

[ File : C:\Users\Catherine Leetch\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkm8zn.default\prefs.js ]

 

 

-\\ Google Chrome v29.0.1547.62

 

[ File : C:\Users\Catherine Leetch\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [5019 octets] - [06/09/2013 00:01:05]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5079 octets] ##########

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 14  

 Java version out of Date! 

 Adobe Flash Player 11.7.700.169  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox 10.0 Firefox out of Date!  

 Google Chrome 29.0.1547.62  

 Google Chrome 29.0.1547.66  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

Your system is all clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

 

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

 

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the actual Firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

 

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:
 

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

 

 

How to protect yourself
 

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically all the software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

