Removing Torpig

samgareth · September 2, 2013

Hi

I recently downloaded and used Malwarebytes to remove Torpig.

It seemed to remove it successfully and now when I run a scan I get the following log

atabase version: v2013.09.01.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16660

Catherine Leetch :: CATHERINELEETCH [administrator]

1/09/2013 10:35:49 PM

mbam-log-2013-09-01 (22-35-49).txt

Scan type: Full scan (C:\|F:\|)

Scan options disabled: P2P

Objects scanned: 445975

Time elapsed: 1 hour(s), 49 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Before I ran Malwarebytes I got the following log

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.07.28.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16635

Catherine Leetch :: CATHERINELEETCH [administrator]

29/07/2013 4:59:36 PM

mbam-log-2013-07-29 (16-59-36).txt

Scan type: Full scan (C:\|F:\|)

Scan options disabled: P2P

Objects scanned: 417604

Time elapsed: 2 hour(s), 10 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Delete on reboot.

Registry Keys Detected: 12

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Delete on reboot.

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Delete on reboot.

(end)

However, my ISP is still telling me that my machine is infected. I removed myself from the blacklist removal centre but I have been put back on there again.

I have also run TDSS Killer and got the following report:

15:56:59.0053 6876 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:57:00.0898 6876 ============================================================

15:57:00.0898 6876 Current date / time: 2013/09/02 15:57:00.0898

15:57:00.0898 6876 SystemInfo:

15:57:00.0898 6876

15:57:00.0898 6876 OS Version: 6.1.7601 ServicePack: 1.0

15:57:00.0898 6876 Product type: Workstation

15:57:00.0898 6876 ComputerName: CATHERINELEETCH

15:57:00.0898 6876 UserName: Catherine Leetch

15:57:00.0898 6876 Windows directory: C:\windows

15:57:00.0898 6876 System windows directory: C:\windows

15:57:00.0898 6876 Processor architecture: Intel x86

15:57:00.0898 6876 Number of processors: 2

15:57:00.0898 6876 Page size: 0x1000

15:57:00.0898 6876 Boot type: Normal boot

15:57:00.0898 6876 ============================================================

15:57:01.0603 6876 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:57:01.0613 6876 ============================================================

15:57:01.0613 6876 \Device\Harddisk0\DR0:

15:57:01.0613 6876 MBR partitions:

15:57:01.0613 6876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38AD0800

15:57:01.0613 6876 ============================================================

15:57:01.0638 6876 C: <-> \Device\Harddisk0\DR0\Partition1

15:57:01.0638 6876 ============================================================

15:57:01.0638 6876 Initialize success

15:57:01.0638 6876 ============================================================

15:58:01.0662 7776 ============================================================

15:58:01.0662 7776 Scan started

15:58:01.0662 7776 Mode: Manual;

15:58:01.0662 7776 ============================================================

15:58:02.0447 7776 ================ Scan system memory ========================

15:58:02.0447 7776 System memory - ok

15:58:02.0447 7776 ================ Scan services =============================

15:58:02.0687 7776 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

15:58:02.0687 7776 1394ohci - ok

15:58:02.0712 7776 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys

15:58:02.0717 7776 ACPI - ok

15:58:02.0737 7776 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

15:58:02.0742 7776 AcpiPmi - ok

15:58:02.0792 7776 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys

15:58:02.0797 7776 adp94xx - ok

15:58:02.0817 7776 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys

15:58:02.0822 7776 adpahci - ok

15:58:02.0852 7776 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys

15:58:02.0852 7776 adpu320 - ok

15:58:02.0917 7776 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

15:58:02.0917 7776 AeLookupSvc - ok

15:58:02.0992 7776 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys

15:58:02.0997 7776 AFD - ok

15:58:03.0062 7776 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys

15:58:03.0072 7776 AgereSoftModem - ok

15:58:03.0112 7776 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys

15:58:03.0112 7776 agp440 - ok

15:58:03.0162 7776 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys

15:58:03.0167 7776 aic78xx - ok

15:58:03.0202 7776 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe

15:58:03.0202 7776 ALG - ok

15:58:03.0217 7776 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys

15:58:03.0217 7776 aliide - ok

15:58:03.0272 7776 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys

15:58:03.0272 7776 amdagp - ok

15:58:03.0297 7776 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys

15:58:03.0297 7776 amdide - ok

15:58:03.0337 7776 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys

15:58:03.0337 7776 AmdK8 - ok

15:58:03.0362 7776 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys

15:58:03.0362 7776 AmdPPM - ok

15:58:03.0392 7776 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\windows\system32\drivers\amdsata.sys

15:58:03.0397 7776 amdsata - ok

15:58:03.0442 7776 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys

15:58:03.0447 7776 amdsbs - ok

15:58:03.0487 7776 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\windows\system32\drivers\amdxata.sys

15:58:03.0492 7776 amdxata - ok

15:58:03.0532 7776 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys

15:58:03.0537 7776 AppID - ok

15:58:03.0562 7776 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll

15:58:03.0567 7776 AppIDSvc - ok

15:58:03.0612 7776 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\windows\System32\appinfo.dll

15:58:03.0612 7776 Appinfo - ok

15:58:03.0732 7776 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:58:03.0732 7776 Apple Mobile Device - ok

15:58:03.0772 7776 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys

15:58:03.0772 7776 arc - ok

15:58:03.0792 7776 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys

15:58:03.0792 7776 arcsas - ok

15:58:03.0967 7776 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

15:58:03.0967 7776 aspnet_state - ok

15:58:04.0022 7776 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys

15:58:04.0027 7776 aswFsBlk - ok

15:58:04.0063 7776 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys

15:58:04.0063 7776 aswMonFlt - ok

15:58:04.0078 7776 [ FFE9A993B3EC2908FECB1DF2C39148BB ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys

15:58:04.0078 7776 aswRdr - ok

15:58:04.0088 7776 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys

15:58:04.0088 7776 aswRvrt - ok

15:58:04.0118 7776 [ CCD565A8A72AF7D45F9A242013870926 ] aswSnx C:\windows\system32\drivers\aswSnx.sys

15:58:04.0128 7776 aswSnx - ok

15:58:04.0163 7776 [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP C:\windows\system32\drivers\aswSP.sys

15:58:04.0168 7776 aswSP - ok

15:58:04.0188 7776 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\windows\system32\drivers\aswTdi.sys

15:58:04.0193 7776 aswTdi - ok

15:58:04.0213 7776 [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm C:\windows\system32\drivers\aswVmm.sys

15:58:04.0213 7776 aswVmm - ok

15:58:04.0238 7776 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

15:58:04.0243 7776 AsyncMac - ok

15:58:04.0293 7776 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys

15:58:04.0293 7776 atapi - ok

15:58:04.0358 7776 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

15:58:04.0363 7776 AudioEndpointBuilder - ok

15:58:04.0373 7776 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll

15:58:04.0373 7776 Audiosrv - ok

15:58:04.0438 7776 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

15:58:04.0438 7776 avast! Antivirus - ok

15:58:04.0493 7776 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll

15:58:04.0493 7776 AxInstSV - ok

15:58:04.0538 7776 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys

15:58:04.0543 7776 b06bdrv - ok

15:58:04.0573 7776 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys

15:58:04.0578 7776 b57nd60x - ok

15:58:04.0698 7776 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

15:58:04.0698 7776 BBSvc - ok

15:58:04.0738 7776 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

15:58:04.0743 7776 BBUpdate - ok

15:58:04.0798 7776 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

15:58:04.0798 7776 BcmSqlStartupSvc - ok

15:58:04.0843 7776 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll

15:58:04.0843 7776 BDESVC - ok

15:58:04.0883 7776 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys

15:58:04.0888 7776 Beep - ok

15:58:04.0948 7776 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll

15:58:04.0958 7776 BFE - ok

15:58:05.0008 7776 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\system32\qmgr.dll

15:58:05.0018 7776 BITS - ok

15:58:05.0038 7776 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

15:58:05.0038 7776 blbdrive - ok

15:58:05.0113 7776 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

15:58:05.0118 7776 Bonjour Service - ok

15:58:05.0163 7776 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys

15:58:05.0163 7776 bowser - ok

15:58:05.0183 7776 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys

15:58:05.0183 7776 BrFiltLo - ok

15:58:05.0193 7776 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys

15:58:05.0193 7776 BrFiltUp - ok

15:58:05.0228 7776 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys

15:58:05.0233 7776 BridgeMP - ok

15:58:05.0273 7776 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll

15:58:05.0278 7776 Browser - ok

15:58:05.0303 7776 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys

15:58:05.0308 7776 Brserid - ok

15:58:05.0338 7776 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

15:58:05.0343 7776 BrSerWdm - ok

15:58:05.0353 7776 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

15:58:05.0353 7776 BrUsbMdm - ok

15:58:05.0363 7776 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

15:58:05.0368 7776 BrUsbSer - ok

15:58:05.0383 7776 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys

15:58:05.0383 7776 BTHMODEM - ok

15:58:05.0428 7776 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll

15:58:05.0433 7776 bthserv - ok

15:58:05.0528 7776 catchme - ok

15:58:05.0548 7776 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

15:58:05.0548 7776 cdfs - ok

15:58:05.0608 7776 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\drivers\cdrom.sys

15:58:05.0608 7776 cdrom - ok

15:58:05.0663 7776 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll

15:58:05.0663 7776 CertPropSvc - ok

15:58:05.0733 7776 [ B1C693994D8127F4BE1FDDE4C19684BA ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

15:58:05.0733 7776 cfWiMAXService - ok

15:58:05.0788 7776 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys

15:58:05.0788 7776 circlass - ok

15:58:05.0813 7776 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys

15:58:05.0818 7776 CLFS - ok

15:58:05.0868 7776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:58:05.0873 7776 clr_optimization_v2.0.50727_32 - ok

15:58:05.0928 7776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:58:05.0953 7776 clr_optimization_v4.0.30319_32 - ok

15:58:05.0988 7776 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

15:58:05.0988 7776 CmBatt - ok

15:58:06.0018 7776 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys

15:58:06.0018 7776 cmdide - ok

15:58:06.0068 7776 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys

15:58:06.0073 7776 CNG - ok

15:58:06.0093 7776 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys

15:58:06.0093 7776 Compbatt - ok

15:58:06.0153 7776 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys

15:58:06.0153 7776 CompositeBus - ok

15:58:06.0163 7776 COMSysApp - ok

15:58:06.0188 7776 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

15:58:06.0188 7776 ConfigFree Service - ok

15:58:06.0218 7776 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys

15:58:06.0218 7776 crcdisk - ok

15:58:06.0258 7776 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\windows\system32\cryptsvc.dll

15:58:06.0263 7776 CryptSvc - ok

15:58:06.0303 7776 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll

15:58:06.0308 7776 DcomLaunch - ok

15:58:06.0333 7776 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll

15:58:06.0338 7776 defragsvc - ok

15:58:06.0378 7776 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys

15:58:06.0378 7776 DfsC - ok

15:58:06.0403 7776 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll

15:58:06.0408 7776 Dhcp - ok

15:58:06.0443 7776 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys

15:58:06.0443 7776 discache - ok

15:58:06.0473 7776 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys

15:58:06.0473 7776 Disk - ok

15:58:06.0513 7776 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll

15:58:06.0518 7776 Dnscache - ok

15:58:06.0573 7776 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll

15:58:06.0578 7776 dot3svc - ok

15:58:06.0618 7776 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll

15:58:06.0618 7776 DPS - ok

15:58:06.0658 7776 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

15:58:06.0658 7776 drmkaud - ok

15:58:06.0713 7776 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

15:58:06.0718 7776 DXGKrnl - ok

15:58:06.0763 7776 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll

15:58:06.0763 7776 EapHost - ok

15:58:06.0853 7776 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys

15:58:06.0923 7776 ebdrv - ok

15:58:06.0963 7776 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe

15:58:06.0968 7776 EFS - ok

15:58:07.0043 7776 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe

15:58:07.0048 7776 ehRecvr - ok

15:58:07.0069 7776 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe

15:58:07.0074 7776 ehSched - ok

15:58:07.0114 7776 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys

15:58:07.0119 7776 elxstor - ok

15:58:07.0159 7776 [ F13C945115B8A8C7C4427D5925F88F23 ] enecir C:\windows\system32\DRIVERS\enecir.sys

15:58:07.0159 7776 enecir - ok

15:58:07.0184 7776 [ 65BF24816C2814596253F312DD35F171 ] enecirhid C:\windows\system32\DRIVERS\enecirhid.sys

15:58:07.0184 7776 enecirhid - ok

15:58:07.0194 7776 [ 97D41E2831AC117AF9BF8D0D9E9D027F ] enecirhidma C:\windows\system32\DRIVERS\enecirhidma.sys

15:58:07.0194 7776 enecirhidma - ok

15:58:07.0219 7776 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys

15:58:07.0219 7776 ErrDev - ok

15:58:07.0259 7776 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll

15:58:07.0264 7776 EventSystem - ok

15:58:07.0294 7776 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys

15:58:07.0294 7776 exfat - ok

15:58:07.0324 7776 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys

15:58:07.0324 7776 fastfat - ok

15:58:07.0369 7776 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe

15:58:07.0379 7776 Fax - ok

15:58:07.0394 7776 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys

15:58:07.0394 7776 fdc - ok

15:58:07.0429 7776 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll

15:58:07.0429 7776 fdPHost - ok

15:58:07.0449 7776 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll

15:58:07.0449 7776 FDResPub - ok

15:58:07.0469 7776 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

15:58:07.0469 7776 FileInfo - ok

15:58:07.0484 7776 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys

15:58:07.0484 7776 Filetrace - ok

15:58:07.0499 7776 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys

15:58:07.0499 7776 flpydisk - ok

15:58:07.0529 7776 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

15:58:07.0529 7776 FltMgr - ok

15:58:07.0591 7776 [ 85E5AD3A9D56FD6F92DB5FC9CA62E2E4 ] FlyUsb C:\windows\system32\DRIVERS\FlyUsb.sys

15:58:07.0591 7776 FlyUsb - ok

15:58:07.0661 7776 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\windows\system32\FntCache.dll

15:58:07.0676 7776 FontCache - ok

15:58:07.0751 7776 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:58:07.0751 7776 FontCache3.0.0.0 - ok

15:58:07.0771 7776 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys

15:58:07.0771 7776 FsDepends - ok

15:58:07.0806 7776 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

15:58:07.0811 7776 Fs_Rec - ok

15:58:07.0851 7776 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

15:58:07.0856 7776 fvevol - ok

15:58:07.0886 7776 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys

15:58:07.0891 7776 gagp30kx - ok

15:58:07.0956 7776 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

15:58:07.0956 7776 GameConsoleService - ok

15:58:08.0021 7776 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

15:58:08.0026 7776 GEARAspiWDM - ok

15:58:08.0071 7776 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll

15:58:08.0081 7776 gpsvc - ok

15:58:08.0176 7776 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

15:58:08.0176 7776 gupdate - ok

15:58:08.0216 7776 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

15:58:08.0216 7776 gupdatem - ok

15:58:08.0251 7776 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:58:08.0251 7776 gusvc - ok

15:58:08.0286 7776 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

15:58:08.0286 7776 hcw85cir - ok

15:58:08.0336 7776 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

15:58:08.0341 7776 HdAudAddService - ok

15:58:08.0366 7776 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys

15:58:08.0366 7776 HDAudBus - ok

15:58:08.0391 7776 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys

15:58:08.0391 7776 HidBatt - ok

15:58:08.0406 7776 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys

15:58:08.0411 7776 HidBth - ok

15:58:08.0446 7776 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys

15:58:08.0446 7776 HidIr - ok

15:58:08.0466 7776 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll

15:58:08.0466 7776 hidserv - ok

15:58:08.0521 7776 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\drivers\hidusb.sys

15:58:08.0526 7776 HidUsb - ok

15:58:08.0556 7776 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll

15:58:08.0556 7776 hkmsvc - ok

15:58:08.0601 7776 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll

15:58:08.0606 7776 HomeGroupListener - ok

15:58:08.0641 7776 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll

15:58:08.0651 7776 HomeGroupProvider - ok

15:58:08.0671 7776 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

15:58:08.0676 7776 HpSAMD - ok

15:58:08.0721 7776 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys

15:58:08.0731 7776 HTTP - ok

15:58:08.0771 7776 hwdatacard - ok

15:58:08.0791 7776 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

15:58:08.0791 7776 hwpolicy - ok

15:58:08.0841 7776 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys

15:58:08.0841 7776 i8042prt - ok

15:58:08.0866 7776 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

15:58:08.0871 7776 iaStor - ok

15:58:08.0906 7776 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\windows\system32\drivers\iaStorV.sys

15:58:08.0911 7776 iaStorV - ok

15:58:08.0991 7776 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:58:09.0001 7776 idsvc - ok

15:58:09.0046 7776 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys

15:58:09.0046 7776 iirsp - ok

15:58:09.0086 7776 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll

15:58:09.0096 7776 IKEEXT - ok

15:58:09.0201 7776 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys

15:58:09.0231 7776 IntcAzAudAddService - ok

15:58:09.0251 7776 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys

15:58:09.0251 7776 intelide - ok

15:58:09.0296 7776 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

15:58:09.0301 7776 intelppm - ok

15:58:09.0326 7776 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll

15:58:09.0331 7776 IPBusEnum - ok

15:58:09.0351 7776 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

15:58:09.0356 7776 IpFilterDriver - ok

15:58:09.0406 7776 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

15:58:09.0416 7776 iphlpsvc - ok

15:58:09.0451 7776 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

15:58:09.0451 7776 IPMIDRV - ok

15:58:09.0486 7776 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys

15:58:09.0486 7776 IPNAT - ok

15:58:09.0556 7776 [ D8B8B5A8FE57CF4F307A540D9A153C23 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

15:58:09.0566 7776 iPod Service - ok

15:58:09.0591 7776 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys

15:58:09.0596 7776 IRENUM - ok

15:58:09.0616 7776 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys

15:58:09.0616 7776 isapnp - ok

15:58:09.0661 7776 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

15:58:09.0666 7776 iScsiPrt - ok

15:58:09.0706 7776 [ 65DA9FA42C0972FE5B9B7D6047F06F4C ] JMCR C:\windows\system32\DRIVERS\jmcr.sys

15:58:09.0706 7776 JMCR - ok

15:58:09.0741 7776 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys

15:58:09.0741 7776 kbdclass - ok

15:58:09.0761 7776 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

15:58:09.0761 7776 kbdhid - ok

15:58:09.0776 7776 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe

15:58:09.0776 7776 KeyIso - ok

15:58:09.0816 7776 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

15:58:09.0821 7776 KSecDD - ok

15:58:09.0831 7776 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

15:58:09.0831 7776 KSecPkg - ok

15:58:09.0871 7776 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll

15:58:09.0876 7776 KtmRm - ok

15:58:09.0951 7776 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\System32\srvsvc.dll

15:58:09.0961 7776 LanmanServer - ok

15:58:10.0001 7776 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll

15:58:10.0006 7776 LanmanWorkstation - ok

15:58:10.0251 7776 [ 6DAAFFE9807B65E7CFA729974F844D1C ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

15:58:10.0386 7776 LeapFrog Connect Device Service - ok

15:58:10.0431 7776 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

15:58:10.0431 7776 lltdio - ok

15:58:10.0456 7776 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll

15:58:10.0461 7776 lltdsvc - ok

15:58:10.0476 7776 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll

15:58:10.0481 7776 lmhosts - ok

15:58:10.0511 7776 [ 6E3D3816749E107883EEC5734CE44493 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys

15:58:10.0516 7776 LPCFilter - ok

15:58:10.0556 7776 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys

15:58:10.0556 7776 LSI_FC - ok

15:58:10.0571 7776 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys

15:58:10.0576 7776 LSI_SAS - ok

15:58:10.0586 7776 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys

15:58:10.0591 7776 LSI_SAS2 - ok

15:58:10.0601 7776 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys

15:58:10.0601 7776 LSI_SCSI - ok

15:58:10.0631 7776 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys

15:58:10.0631 7776 luafv - ok

15:58:10.0651 7776 lxbf_device - ok

15:58:10.0696 7776 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

15:58:10.0696 7776 Mcx2Svc - ok

15:58:10.0726 7776 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys

15:58:10.0726 7776 megasas - ok

15:58:10.0761 7776 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys

15:58:10.0766 7776 MegaSR - ok

15:58:10.0786 7776 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll

15:58:10.0791 7776 MMCSS - ok

15:58:10.0836 7776 [ 8AEEB5397543568860C6F681E2ED6686 ] mod7700 C:\windows\system32\Drivers\dvb7700all.sys

15:58:10.0846 7776 mod7700 - ok

15:58:10.0866 7776 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys

15:58:10.0871 7776 Modem - ok

15:58:10.0906 7776 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys

15:58:10.0911 7776 monitor - ok

15:58:10.0936 7776 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\drivers\mouclass.sys

15:58:10.0936 7776 mouclass - ok

15:58:10.0961 7776 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

15:58:10.0966 7776 mouhid - ok

15:58:11.0021 7776 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys

15:58:11.0021 7776 mountmgr - ok

15:58:11.0066 7776 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys

15:58:11.0071 7776 mpio - ok

15:58:11.0091 7776 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

15:58:11.0096 7776 mpsdrv - ok

15:58:11.0151 7776 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll

15:58:11.0156 7776 MpsSvc - ok

15:58:11.0201 7776 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

15:58:11.0201 7776 MRxDAV - ok

15:58:11.0236 7776 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

15:58:11.0236 7776 mrxsmb - ok

15:58:11.0286 7776 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

15:58:11.0291 7776 mrxsmb10 - ok

15:58:11.0306 7776 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

15:58:11.0306 7776 mrxsmb20 - ok

15:58:11.0346 7776 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys

15:58:11.0346 7776 msahci - ok

15:58:11.0371 7776 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys

15:58:11.0371 7776 msdsm - ok

15:58:11.0406 7776 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe

15:58:11.0411 7776 MSDTC - ok

15:58:11.0451 7776 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys

15:58:11.0451 7776 Msfs - ok

15:58:11.0456 7776 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

15:58:11.0456 7776 mshidkmdf - ok

15:58:11.0471 7776 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys

15:58:11.0476 7776 msisadrv - ok

15:58:11.0496 7776 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll

15:58:11.0501 7776 MSiSCSI - ok

15:58:11.0506 7776 msiserver - ok

15:58:11.0521 7776 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

15:58:11.0526 7776 MSKSSRV - ok

15:58:11.0541 7776 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

15:58:11.0546 7776 MSPCLOCK - ok

15:58:11.0556 7776 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

15:58:11.0556 7776 MSPQM - ok

15:58:11.0576 7776 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys

15:58:11.0576 7776 MsRPC - ok

15:58:11.0616 7776 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

15:58:11.0621 7776 mssmbios - ok

15:58:11.0671 7776 MSSQL$MSSMLBIZ - ok

15:58:11.0726 7776 MSSQL$SQLEXPRESS - ok

15:58:11.0766 7776 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

15:58:11.0766 7776 MSSQLServerADHelper - ok

15:58:11.0796 7776 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

15:58:11.0801 7776 MSTEE - ok

15:58:11.0821 7776 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

15:58:11.0826 7776 MTConfig - ok

15:58:11.0841 7776 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys

15:58:11.0841 7776 Mup - ok

15:58:11.0981 7776 [ D1012ACD7C3B5CECA8DE05B5AC176B4B ] MYOB AccountRight Library C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe

15:58:11.0981 7776 MYOB AccountRight Library - ok

15:58:12.0051 7776 [ 16429AE4EC1B97693C9BBAF17E35AAC8 ] MYOB AccountRight Server 2013.2 C:\Program Files\MYOB\AccountRight\2013.2\AU\Huxley.Server.WindowsService.exe

15:58:12.0056 7776 MYOB AccountRight Server 2013.2 - ok

15:58:12.0156 7776 [ 1DD630D80077C5967C1AFBB2181A5BC8 ] MYOB AccountRight Server 2013.3 C:\Program Files\MYOB\AccountRight\2013.3\AU\Huxley.Server.WindowsService.exe

15:58:12.0161 7776 MYOB AccountRight Server 2013.3 - ok

15:58:12.0221 7776 [ 6C440033C268CF9F00E302ECAB74D0D6 ] MYOB AccountRight Server Locator C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe

15:58:12.0221 7776 MYOB AccountRight Server Locator - ok

15:58:12.0271 7776 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll

15:58:12.0276 7776 napagent - ok

15:58:12.0336 7776 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

15:58:12.0341 7776 NativeWifiP - ok

15:58:12.0381 7776 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\windows\system32\drivers\ndis.sys

15:58:12.0386 7776 NDIS - ok

15:58:12.0416 7776 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

15:58:12.0416 7776 NdisCap - ok

15:58:12.0451 7776 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

15:58:12.0451 7776 NdisTapi - ok

15:58:12.0506 7776 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

15:58:12.0506 7776 Ndisuio - ok

15:58:12.0541 7776 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

15:58:12.0541 7776 NdisWan - ok

15:58:12.0556 7776 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

15:58:12.0556 7776 NDProxy - ok

15:58:12.0591 7776 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

15:58:12.0596 7776 NetBIOS - ok

15:58:12.0636 7776 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

15:58:12.0641 7776 NetBT - ok

15:58:12.0651 7776 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe

15:58:12.0656 7776 Netlogon - ok

15:58:12.0696 7776 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll

15:58:12.0701 7776 Netman - ok

15:58:12.0761 7776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:58:12.0766 7776 NetMsmqActivator - ok

15:58:12.0786 7776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:58:12.0786 7776 NetPipeActivator - ok

15:58:12.0811 7776 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll

15:58:12.0816 7776 netprofm - ok

15:58:12.0826 7776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:58:12.0826 7776 NetTcpActivator - ok

15:58:12.0836 7776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:58:12.0836 7776 NetTcpPortSharing - ok

15:58:13.0006 7776 [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32 C:\windows\system32\DRIVERS\NETw5s32.sys

15:58:13.0146 7776 NETw5s32 - ok

15:58:13.0256 7776 [ AF1AE2E42B03395560B1CDE03230205C ] netw5v32 C:\windows\system32\DRIVERS\netw5v32.sys

15:58:13.0336 7776 netw5v32 - ok

15:58:13.0376 7776 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

15:58:13.0381 7776 nfrd960 - ok

15:58:13.0416 7776 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\windows\System32\nlasvc.dll

15:58:13.0421 7776 NlaSvc - ok

15:58:13.0436 7776 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys

15:58:13.0436 7776 Npfs - ok

15:58:13.0456 7776 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll

15:58:13.0461 7776 nsi - ok

15:58:13.0476 7776 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

15:58:13.0476 7776 nsiproxy - ok

15:58:13.0546 7776 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\windows\system32\drivers\Ntfs.sys

15:58:13.0561 7776 Ntfs - ok

15:58:13.0586 7776 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys

15:58:13.0586 7776 Null - ok

15:58:13.0626 7776 [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA C:\windows\system32\drivers\nvhda32v.sys

15:58:13.0631 7776 NVHDA - ok

15:58:13.0846 7776 [ F484E314C710B9C297F9AB363FF74370 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys

15:58:14.0018 7776 nvlddmkm - ok

15:58:14.0063 7776 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\windows\system32\drivers\nvraid.sys

15:58:14.0068 7776 nvraid - ok

15:58:14.0083 7776 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\windows\system32\drivers\nvstor.sys

15:58:14.0088 7776 nvstor - ok

15:58:14.0133 7776 [ 77E4618BAA5D786DF7CB993F1398EF97 ] nvsvc C:\windows\system32\nvvsvc.exe

15:58:14.0138 7776 nvsvc - ok

15:58:14.0163 7776 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys

15:58:14.0168 7776 nv_agp - ok

15:58:14.0273 7776 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:58:14.0278 7776 odserv - ok

15:58:14.0313 7776 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

15:58:14.0313 7776 ohci1394 - ok

15:58:14.0368 7776 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:58:14.0368 7776 ose - ok

15:58:14.0413 7776 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll

15:58:14.0418 7776 p2pimsvc - ok

15:58:14.0438 7776 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll

15:58:14.0448 7776 p2psvc - ok

15:58:14.0478 7776 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys

15:58:14.0478 7776 Parport - ok

15:58:14.0518 7776 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys

15:58:14.0518 7776 partmgr - ok

15:58:14.0533 7776 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys

15:58:14.0538 7776 Parvdm - ok

15:58:14.0563 7776 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll

15:58:14.0568 7776 PcaSvc - ok

15:58:14.0598 7776 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys

15:58:14.0603 7776 pci - ok

15:58:14.0618 7776 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys

15:58:14.0618 7776 pciide - ok

15:58:14.0638 7776 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

15:58:14.0643 7776 pcmcia - ok

15:58:14.0663 7776 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys

15:58:14.0663 7776 pcw - ok

15:58:14.0693 7776 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys

15:58:14.0698 7776 PEAUTH - ok

15:58:14.0738 7776 [ 1B5011DD8D57F53AED31FF0F7D635802 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys

15:58:14.0738 7776 PGEffect - ok

15:58:14.0803 7776 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll

15:58:14.0823 7776 pla - ok

15:58:14.0878 7776 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll

15:58:14.0888 7776 PlugPlay - ok

15:58:14.0918 7776 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

15:58:14.0923 7776 PNRPAutoReg - ok

15:58:14.0933 7776 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll

15:58:14.0938 7776 PNRPsvc - ok

15:58:14.0993 7776 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll

15:58:14.0998 7776 PolicyAgent - ok

15:58:15.0043 7776 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll

15:58:15.0048 7776 Power - ok

15:58:15.0088 7776 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

15:58:15.0093 7776 PptpMiniport - ok

15:58:15.0113 7776 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys

15:58:15.0113 7776 Processor - ok

15:58:15.0153 7776 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\windows\system32\profsvc.dll

15:58:15.0158 7776 ProfSvc - ok

15:58:15.0178 7776 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe

15:58:15.0178 7776 ProtectedStorage - ok

15:58:15.0213 7776 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys

15:58:15.0213 7776 Psched - ok

15:58:15.0263 7776 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

15:58:15.0278 7776 ql2300 - ok

15:58:15.0303 7776 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

15:58:15.0303 7776 ql40xx - ok

15:58:15.0328 7776 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll

15:58:15.0338 7776 QWAVE - ok

15:58:15.0348 7776 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

15:58:15.0353 7776 QWAVEdrv - ok

15:58:15.0378 7776 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

15:58:15.0383 7776 RasAcd - ok

15:58:15.0413 7776 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

15:58:15.0418 7776 RasAgileVpn - ok

15:58:15.0428 7776 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll

15:58:15.0433 7776 RasAuto - ok

15:58:15.0453 7776 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

15:58:15.0453 7776 Rasl2tp - ok

15:58:15.0503 7776 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll

15:58:15.0513 7776 RasMan - ok

15:58:15.0523 7776 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

15:58:15.0528 7776 RasPppoe - ok

15:58:15.0543 7776 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

15:58:15.0548 7776 RasSstp - ok

15:58:15.0558 7776 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

15:58:15.0563 7776 rdbss - ok

15:58:15.0588 7776 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

15:58:15.0588 7776 rdpbus - ok

15:58:15.0628 7776 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

15:58:15.0628 7776 RDPCDD - ok

15:58:15.0653 7776 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

15:58:15.0658 7776 RDPENCDD - ok

15:58:15.0673 7776 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

15:58:15.0673 7776 RDPREFMP - ok

15:58:15.0718 7776 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys

15:58:15.0723 7776 RDPWD - ok

15:58:15.0773 7776 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

15:58:15.0778 7776 rdyboost - ok

15:58:15.0803 7776 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll

15:58:15.0808 7776 RemoteAccess - ok

15:58:15.0828 7776 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll

15:58:15.0833 7776 RemoteRegistry - ok

15:58:15.0848 7776 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

15:58:15.0853 7776 RpcEptMapper - ok

15:58:15.0878 7776 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe

15:58:15.0878 7776 RpcLocator - ok

15:58:15.0913 7776 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll

15:58:15.0918 7776 RpcSs - ok

15:58:15.0953 7776 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

15:58:15.0953 7776 rspndr - ok

15:58:15.0993 7776 [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys

15:58:15.0993 7776 RTL8167 - ok

15:58:16.0008 7776 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe

15:58:16.0013 7776 SamSs - ok

15:58:16.0053 7776 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys

15:58:16.0053 7776 sbp2port - ok

15:58:16.0088 7776 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll

15:58:16.0098 7776 SCardSvr - ok

15:58:16.0138 7776 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

15:58:16.0143 7776 scfilter - ok

15:58:16.0198 7776 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll

15:58:16.0213 7776 Schedule - ok

15:58:16.0253 7776 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll

15:58:16.0253 7776 SCPolicySvc - ok

15:58:16.0303 7776 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\windows\system32\drivers\sdbus.sys

15:58:16.0308 7776 sdbus - ok

15:58:16.0323 7776 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll

15:58:16.0328 7776 SDRSVC - ok

15:58:16.0348 7776 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys

15:58:16.0353 7776 secdrv - ok

15:58:16.0373 7776 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll

15:58:16.0378 7776 seclogon - ok

15:58:16.0398 7776 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll

15:58:16.0403 7776 SENS - ok

15:58:16.0408 7776 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll

15:58:16.0418 7776 SensrSvc - ok

15:58:16.0438 7776 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys

15:58:16.0438 7776 Serenum - ok

15:58:16.0453 7776 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys

15:58:16.0453 7776 Serial - ok

15:58:16.0498 7776 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

15:58:16.0498 7776 sermouse - ok

15:58:16.0543 7776 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll

15:58:16.0553 7776 SessionEnv - ok

15:58:16.0583 7776 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys

15:58:16.0588 7776 sffdisk - ok

15:58:16.0608 7776 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

15:58:16.0608 7776 sffp_mmc - ok

15:58:16.0618 7776 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

15:58:16.0623 7776 sffp_sd - ok

15:58:16.0658 7776 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

15:58:16.0663 7776 sfloppy - ok

15:58:16.0698 7776 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll

15:58:16.0703 7776 SharedAccess - ok

15:58:16.0733 7776 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll

15:58:16.0738 7776 ShellHWDetection - ok

15:58:16.0778 7776 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys

15:58:16.0783 7776 sisagp - ok

15:58:16.0813 7776 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

15:58:16.0813 7776 SiSRaid2 - ok

15:58:16.0838 7776 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

15:58:16.0838 7776 SiSRaid4 - ok

15:58:16.0913 7776 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

15:58:16.0913 7776 SkypeUpdate - ok

15:58:16.0963 7776 [ 9D819137BBDEE71F4241706ACF80FBE1 ] SMARTMouseFilterx86 C:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys

15:58:16.0963 7776 SMARTMouseFilterx86 - ok

15:58:16.0983 7776 [ 2D362731FAC8440E9D3A43F5D1DAE280 ] SMARTVHidMini2000x86 C:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys

15:58:16.0983 7776 SMARTVHidMini2000x86 - ok

15:58:17.0003 7776 [ CB07B494D60A0F31B12B01DEE0FB251F ] SMARTVTabletPCx86 C:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys

15:58:17.0003 7776 SMARTVTabletPCx86 - ok

15:58:17.0048 7776 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys

15:58:17.0048 7776 Smb - ok

15:58:17.0093 7776 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe

15:58:17.0098 7776 SNMPTRAP - ok

15:58:17.0103 7776 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys

15:58:17.0108 7776 spldr - ok

15:58:17.0148 7776 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\windows\System32\spoolsv.exe

15:58:17.0158 7776 Spooler - ok

15:58:17.0233 7776 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe

15:58:17.0303 7776 sppsvc - ok

15:58:17.0343 7776 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll

15:58:17.0348 7776 sppuinotify - ok

15:58:17.0388 7776 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

15:58:17.0393 7776 SQLBrowser - ok

15:58:17.0423 7776 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

15:58:17.0423 7776 SQLWriter - ok

15:58:17.0473 7776 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys

15:58:17.0478 7776 srv - ok

15:58:17.0508 7776 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys

15:58:17.0513 7776 srv2 - ok

15:58:17.0523 7776 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

15:58:17.0528 7776 srvnet - ok

15:58:17.0553 7776 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

15:58:17.0563 7776 SSDPSRV - ok

15:58:17.0578 7776 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll

15:58:17.0583 7776 SstpSvc - ok

15:58:17.0608 7776 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

15:58:17.0608 7776 stexstor - ok

15:58:17.0673 7776 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll

15:58:17.0683 7776 StiSvc - ok

15:58:17.0728 7776 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys

15:58:17.0733 7776 swenum - ok

15:58:17.0778 7776 [ C4FAE11714250D65B721A8D3037BBA67 ] swg3kser00 C:\windows\system32\DRIVERS\swg3kser00.sys

15:58:17.0783 7776 swg3kser00 - ok

15:58:17.0793 7776 [ 1A279C2F69F4F6CCDE1D15EC1D7EE862 ] swiwdmbx C:\windows\system32\DRIVERS\swiwdmbx.sys

15:58:17.0798 7776 swiwdmbx - ok

15:58:17.0823 7776 [ 1D394F1585793AC2A9738028FF97FBE3 ] SWNC8UA3 C:\windows\system32\DRIVERS\swnc8ua3.sys

15:58:17.0823 7776 SWNC8UA3 - ok

15:58:17.0863 7776 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll

15:58:17.0868 7776 swprv - ok

15:58:17.0918 7776 [ 3F4982DE07D89A1084861E9D59F7EBB1 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

15:58:17.0918 7776 SynTP - ok

15:58:17.0983 7776 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll

15:58:17.0998 7776 SysMain - ok

15:58:18.0038 7776 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll

15:58:18.0043 7776 TabletInputService - ok

15:58:18.0079 7776 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll

15:58:18.0089 7776 TapiSrv - ok

15:58:18.0114 7776 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll

15:58:18.0119 7776 TBS - ok

15:58:18.0184 7776 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip C:\windows\system32\drivers\tcpip.sys

15:58:18.0199 7776 Tcpip - ok

15:58:18.0254 7776 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

15:58:18.0264 7776 TCPIP6 - ok

15:58:18.0316 7776 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

15:58:18.0321 7776 tcpipreg - ok

15:58:18.0356 7776 [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

15:58:18.0356 7776 tdcmdpst - ok

15:58:18.0391 7776 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

15:58:18.0391 7776 TDPIPE - ok

15:58:18.0421 7776 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

15:58:18.0426 7776 TDTCP - ok

15:58:18.0471 7776 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys

15:58:18.0471 7776 tdx - ok

15:58:18.0601 7776 [ D53118C165AE5D188632B6CDEEE82A1B ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

15:58:18.0691 7776 TeamViewer8 - ok

15:58:18.0736 7776 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys

15:58:18.0736 7776 TermDD - ok

15:58:18.0796 7776 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll

15:58:18.0806 7776 TermService - ok

15:58:18.0836 7776 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll

15:58:18.0846 7776 Themes - ok

15:58:18.0871 7776 [ 9528F2A39CB660A49F0592D57127F370 ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys

15:58:18.0871 7776 Thpdrv - ok

15:58:18.0911 7776 [ E17DCDE74FF00CA802643B4A9A4A4A5C ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS

15:58:18.0911 7776 Thpevm - ok

15:58:18.0946 7776 [ B8A7C3F812791A73147B6CC2380432EC ] Thpsrv C:\windows\system32\ThpSrv.exe

15:58:18.0956 7776 Thpsrv - ok

15:58:18.0976 7776 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll

15:58:18.0981 7776 THREADORDER - ok

15:58:19.0046 7776 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

15:58:19.0051 7776 TMachInfo - ok

15:58:19.0077 7776 [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv C:\windows\system32\TODDSrv.exe

15:58:19.0082 7776 TODDSrv - ok

15:58:19.0137 7776 [ 451B09BA1A0D019BA0B5A27229559D55 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

15:58:19.0147 7776 TosCoSrv - ok

15:58:19.0197 7776 [ AC88D258F20909EEB91796F490CFBB73 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

15:58:19.0202 7776 TOSHIBA Bluetooth Service - ok

15:58:19.0242 7776 [ 613E6D8B0A572C5347A1088A1D2B5785 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe

15:58:19.0242 7776 TOSHIBA eco Utility Service - ok

15:58:19.0272 7776 [ 94ECABE1BA3559214FE6C3CE6C9677EB ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

15:58:19.0272 7776 TOSHIBA HDD SSD Alert Service - ok

15:58:19.0282 7776 Tosrfcom - ok

15:58:19.0327 7776 [ 9EE240F7029771B21CC6200BE6516D60 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys

15:58:19.0332 7776 tosrfec - ok

15:58:19.0362 7776 [ 969377943FE7284609BABBAB4E06B93C ] tos_sps32 C:\windows\system32\DRIVERS\tos_sps32.sys

15:58:19.0367 7776 tos_sps32 - ok

15:58:19.0417 7776 [ 31D2881B0647F2B09B118B9B50C02888 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

15:58:19.0422 7776 TPCHSrv - ok

15:58:19.0447 7776 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll

15:58:19.0457 7776 TrkWks - ok

15:58:19.0512 7776 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

15:58:19.0517 7776 TrustedInstaller - ok

15:58:19.0557 7776 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

15:58:19.0562 7776 tssecsrv - ok

15:58:19.0607 7776 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

15:58:19.0607 7776 TsUsbFlt - ok

15:58:19.0667 7776 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

15:58:19.0672 7776 tunnel - ok

15:58:19.0717 7776 [ FC24015B4052600C324C43E3A79C0664 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

15:58:19.0722 7776 TVALZ - ok

15:58:19.0742 7776 [ 866462F5AE3F375EF83EF9DCE436031C ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys

15:58:19.0747 7776 TVALZFL - ok

15:58:19.0767 7776 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys

15:58:19.0767 7776 uagp35 - ok

15:58:19.0792 7776 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys

15:58:19.0797 7776 udfs - ok

15:58:19.0837 7776 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe

15:58:19.0842 7776 UI0Detect - ok

15:58:19.0872 7776 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

15:58:19.0872 7776 uliagpkx - ok

15:58:19.0917 7776 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys

15:58:19.0917 7776 umbus - ok

15:58:19.0942 7776 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys

15:58:19.0942 7776 UmPass - ok

15:58:19.0972 7776 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll

15:58:19.0982 7776 upnphost - ok

15:58:20.0017 7776 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys

15:58:20.0022 7776 USBAAPL - ok

15:58:20.0032 7776 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

15:58:20.0037 7776 usbccgp - ok

15:58:20.0062 7776 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys

15:58:20.0062 7776 usbcir - ok

15:58:20.0097 7776 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\windows\system32\drivers\usbehci.sys

15:58:20.0102 7776 usbehci - ok

15:58:20.0122 7776 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\windows\system32\drivers\usbhub.sys

15:58:20.0127 7776 usbhub - ok

15:58:20.0142 7776 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\drivers\usbohci.sys

15:58:20.0147 7776 usbohci - ok

15:58:20.0172 7776 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

15:58:20.0177 7776 usbprint - ok

15:58:20.0207 7776 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

15:58:20.0207 7776 usbscan - ok

15:58:20.0247 7776 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

15:58:20.0252 7776 USBSTOR - ok

15:58:20.0272 7776 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\windows\system32\drivers\usbuhci.sys

15:58:20.0272 7776 usbuhci - ok

15:58:20.0302 7776 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys

15:58:20.0307 7776 usbvideo - ok

15:58:20.0342 7776 [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys

15:58:20.0347 7776 usb_rndisx - ok

15:58:20.0367 7776 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll

15:58:20.0372 7776 UxSms - ok

15:58:20.0387 7776 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe

15:58:20.0392 7776 VaultSvc - ok

15:58:20.0442 7776 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

15:58:20.0442 7776 vdrvroot - ok

15:58:20.0497 7776 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe

15:58:20.0507 7776 vds - ok

15:58:20.0532 7776 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys

15:58:20.0537 7776 vga - ok

15:58:20.0552 7776 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys

15:58:20.0552 7776 VgaSave - ok

15:58:20.0572 7776 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys

15:58:20.0577 7776 vhdmp - ok

15:58:20.0607 7776 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys

15:58:20.0612 7776 viaagp - ok

15:58:20.0617 7776 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys

15:58:20.0617 7776 ViaC7 - ok

15:58:20.0652 7776 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys

15:58:20.0657 7776 viaide - ok

15:58:20.0677 7776 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys

15:58:20.0677 7776 volmgr - ok

15:58:20.0712 7776 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys

15:58:20.0717 7776 volmgrx - ok

15:58:20.0732 7776 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys

15:58:20.0732 7776 volsnap - ok

15:58:20.0762 7776 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys

15:58:20.0762 7776 vsmraid - ok

15:58:20.0822 7776 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe

15:58:20.0837 7776 VSS - ok

15:58:20.0867 7776 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

15:58:20.0872 7776 vwifibus - ok

15:58:20.0902 7776 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

15:58:20.0907 7776 vwififlt - ok

15:58:20.0947 7776 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll

15:58:20.0952 7776 W32Time - ok

15:58:20.0977 7776 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys

15:58:20.0982 7776 WacomPen - ok

15:58:21.0007 7776 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

15:58:21.0007 7776 WANARP - ok

15:58:21.0012 7776 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

15:58:21.0017 7776 Wanarpv6 - ok

15:58:21.0117 7776 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

15:58:21.0132 7776 WatAdminSvc - ok

15:58:21.0187 7776 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe

15:58:21.0207 7776 wbengine - ok

15:58:21.0232 7776 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

15:58:21.0242 7776 WbioSrvc - ok

15:58:21.0287 7776 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll

15:58:21.0297 7776 wcncsvc - ok

15:58:21.0312 7776 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

15:58:21.0317 7776 WcsPlugInService - ok

15:58:21.0347 7776 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys

15:58:21.0347 7776 Wd - ok

15:58:21.0372 7776 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

15:58:21.0377 7776 Wdf01000 - ok

15:58:21.0407 7776 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll

15:58:21.0412 7776 WdiServiceHost - ok

15:58:21.0417 7776 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll

15:58:21.0422 7776 WdiSystemHost - ok

15:58:21.0462 7776 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll

15:58:21.0472 7776 WebClient - ok

15:58:21.0492 7776 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll

15:58:21.0502 7776 Wecsvc - ok

15:58:21.0522 7776 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll

15:58:21.0527 7776 wercplsupport - ok

15:58:21.0547 7776 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll

15:58:21.0552 7776 WerSvc - ok

15:58:21.0587 7776 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

15:58:21.0587 7776 WfpLwf - ok

15:58:21.0607 7776 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys

15:58:21.0607 7776 WIMMount - ok

15:58:21.0682 7776 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

15:58:21.0692 7776 WinDefend - ok

15:58:21.0717 7776 WinHttpAutoProxySvc - ok

15:58:21.0772 7776 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

15:58:21.0772 7776 Winmgmt - ok

15:58:21.0842 7776 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll

15:58:21.0862 7776 WinRM - ok

15:58:21.0922 7776 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

15:58:21.0922 7776 WinUsb - ok

15:58:21.0967 7776 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll

15:58:21.0982 7776 Wlansvc - ok

15:58:22.0022 7776 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

15:58:22.0022 7776 WmiAcpi - ok

15:58:22.0062 7776 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

15:58:22.0062 7776 wmiApSrv - ok

15:58:22.0147 7776 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

15:58:22.0162 7776 WMPNetworkSvc - ok

15:58:22.0182 7776 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll

15:58:22.0192 7776 WPCSvc - ok

15:58:22.0222 7776 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

15:58:22.0232 7776 WPDBusEnum - ok

15:58:22.0252 7776 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

15:58:22.0252 7776 ws2ifsl - ok

15:58:22.0267 7776 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\system32\wscsvc.dll

15:58:22.0272 7776 wscsvc - ok

15:58:22.0277 7776 WSearch - ok

15:58:22.0352 7776 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll

15:58:22.0382 7776 wuauserv - ok

15:58:22.0392 7776 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\windows\system32\drivers\WudfPf.sys

15:58:22.0397 7776 WudfPf - ok

15:58:22.0442 7776 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

15:58:22.0447 7776 WUDFRd - ok

15:58:22.0482 7776 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\windows\System32\WUDFSvc.dll

15:58:22.0487 7776 wudfsvc - ok

15:58:22.0512 7776 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll

15:58:22.0522 7776 WwanSvc - ok

15:58:22.0557 7776 ================ Scan global ===============================

15:58:22.0572 7776 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll

15:58:22.0614 7776 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll

15:58:22.0629 7776 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll

15:58:22.0659 7776 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll

15:58:22.0684 7776 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe

15:58:22.0694 7776 [Global] - ok

15:58:22.0694 7776 ================ Scan MBR ==================================

15:58:22.0709 7776 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

15:58:22.0894 7776 \Device\Harddisk0\DR0 - ok

15:58:22.0894 7776 ================ Scan VBR ==================================

15:58:22.0909 7776 [ 1E4F67C78E115B91643D203FC0544B24 ] \Device\Harddisk0\DR0\Partition1

15:58:22.0909 7776 \Device\Harddisk0\DR0\Partition1 - ok

15:58:22.0909 7776 ============================================================

15:58:22.0909 7776 Scan finished

15:58:22.0909 7776 ============================================================

15:58:22.0929 6068 Detected object count: 0

15:58:22.0929 6068 Actual detected object count: 0

Thank you in advance for your help.

Psychotic · September 2, 2013

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Show All ( should be unchecked by default )
[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

samgareth · September 2, 2013

Hi Psychotic

Thanks for your help.

Here are the posts for DDS

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16660

Run by Catherine Leetch at 17:57:46 on 2013-09-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.1849 [GMT 10:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\nvvsvc.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\windows\system32\taskhost.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\windows\system32\lxbfcoms.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\MYOB\AccountRight\2013.2\AU\Huxley.Server.WindowsService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

C:\windows\system32\ThpSrv.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe

C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\windows\System32\msdtc.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe

C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe

C:\Program Files\MYOB\AccountRight\2013.3\AU\Huxley.Server.WindowsService.exe

C:\windows\system32\taskhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\TeamViewer\Version8\TeamViewer.exe

C:\Program Files\TeamViewer\Version8\tv_w32.exe

c:\program files\teamviewer\version8\TeamViewer_Desktop.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: CIEDownload Object: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE

mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe

mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe

mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [ThpSrv] c:\windows\system32\thpsrv /logon

mRun: [iTSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START

mRun: [TUSBSleepChargeSrv] c:\program files\toshiba\toshiba usb sleep and charge utility\TUSBSleepChargeSrv.exe

mRun: [smartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe

mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe

mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe

mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe

mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun

mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe

mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [sMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe

mRun: [sMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\cather~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{00D757B5-E6E9-49C5-AB34-7C86FD7CC9BD} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{54B18B37-1054-491A-85CF-555026CB8E40} : DHCPNameServer = 192.168.42.129

TCP: Interfaces\{9F1C02D5-980E-4194-B039-D7988E0A984F} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{9F1C02D5-980E-4194-B039-D7988E0A984F}\07F636B6564777966696D256934693 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{9F1C02D5-980E-4194-B039-D7988E0A984F}\55C64796D6164756D213733324 : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{A1A18156-0900-4813-A509-D22740665892} : DHCPNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\catherine leetch\appdata\roaming\mozilla\firefox\profiles\gnlkm8zn.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll

FF - ExtSQL: 2013-08-01 18:06; wrc@avast.com; c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-1 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-1 175176]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-1 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-1 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-1 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-1 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-1 46808]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]

R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]

R2 MYOB AccountRight Library;MYOB AccountRight Library;c:\program files\myob\accountright\servers\Huxley.Library.WindowsService.exe [2013-8-7 17752]

R2 MYOB AccountRight Server 2013.2;MYOB AccountRight Server 2013.2;c:\program files\myob\accountright\2013.2\au\Huxley.Server.WindowsService.exe [2013-6-12 15192]

R2 MYOB AccountRight Server 2013.3;MYOB AccountRight Server 2013.3;c:\program files\myob\accountright\2013.3\au\Huxley.Server.WindowsService.exe [2013-8-7 15192]

R2 MYOB AccountRight Server Locator;MYOB AccountRight Server Locator;c:\program files\myob\accountright\servers\Huxley.ServerLocator.WindowsService.exe [2013-8-7 16216]

R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-7-29 4308320]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]

R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [2009-5-20 11776]

R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [2008-4-25 5632]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-10-9 24064]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-9 167936]

R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2010-6-15 11048]

R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2010-6-15 14120]

R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2010-6-15 13440]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-9 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-9-28 19456]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-1 116136]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-15 4231680]

S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2012-1-18 214400]

S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2012-1-18 83968]

S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2012-1-18 208128]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]

.

=============== Created Last 30 ================

.

2013-09-02 07:52:57 -------- d-----w- c:\users\catherine leetch\appdata\local\Adobe

2013-08-26 00:08:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-26 00:08:11 -------- d-----w- c:\program files\iTunes

2013-08-26 00:08:11 -------- d-----w- c:\program files\iPod

2013-08-15 06:37:59 -------- d-----w- C:\OutlookBackup15Aug13

2013-08-14 17:10:32 -------- d-----w- c:\windows\system32\MRT

2013-08-14 09:56:52 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 09:56:49 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 09:56:49 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 09:56:49 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 09:56:49 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 09:56:42 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 09:56:40 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 09:56:40 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 09:56:32 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 09:56:28 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-14 09:56:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 09:56:20 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

==================== Find3M ====================

.

2013-08-01 08:07:26 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-01 08:07:26 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-07-05 07:38:26 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-17 22:56:30 47104 ----a-w- c:\windows\system32\Wh2Robo.dll

2013-06-17 22:56:30 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL

2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 17:58:28.28 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 26/12/2009 12:00:18 PM

System Uptime: 22/08/2013 7:17:07 PM (262 hours ago)

.

Motherboard: TOSHIBA | | KSKAA

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 333.604 GiB free.

D: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP199: 9/08/2013 12:00:05 AM - Scheduled Checkpoint

RP200: 13/08/2013 5:10:00 PM - Windows Modules Installer

RP201: 15/08/2013 3:00:32 AM - Windows Update

RP202: 22/08/2013 3:50:31 PM - Scheduled Checkpoint

RP203: 26/08/2013 10:55:30 AM - Installed MYOB AccountRight Plus 2013.3 AU

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.3.12 (Unicode)

avast! Free Antivirus

Bejeweled 2 Deluxe 1.1

Bing Bar

Bluetooth Stack for Windows by Toshiba

Bonjour

Business Contact Manager for Outlook 2007 SP2

Canon Easy-WebPrint EX

Canon MF Toolbox 4.9.1.1.mf09

Canon MF4320-4350

Canon MP Navigator EX 3.0

Canon MP640 series MP Drivers

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CD-LabelPrint

Click to Call with Skype

COP

Creative Memories StoryBook Creator Plus 3 (Australia/New Zealand)

Direct DiscRecorder

Dolby Control Center

DVD MovieFactory for TOSHIBA

EasyBits GO

ENE CIR Receiver Driver

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HDMI Control Manager

HP Officejet 6500 E710n-z Basic Device Software

HP Officejet 6500 E710n-z Help

HP Officejet 6500 E710n-z Product Improvement Study

HP Update

I.R.I.S. OCR

iCloud

Intel® Matrix Storage Manager

iTunes

Java 6 Update 14

JMicron Flash Media Controller Driver

Junk Mail filter update

LeapFrog Connect

LeapFrog Tag Junior Plugin

Lexmark X6100 Series

Malwarebytes Anti-Malware version 1.75.0.1300

Marketsplash Shortcuts

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Choice Guard

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 4.0 SP1 ENU

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework 2.1 Core Components (x86) ENU

Microsoft Sync Framework 2.1 Database Providers (x86) ENU

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 10.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MYOB AccountRight Basics 2011 AU

MYOB AccountRight Plus 2013.2 AU

MYOB AccountRight Plus 2013.3 AU

MYOB AccountRight Plus v19.9

MYOB ODBC Direct v10 AUS

Norton Internet Security

NVIDIA Drivers

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Opera Mail 1.0

ParetoLogic DriverCure

Photo Story 3 for Windows

PlayReady PC Runtime x86

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skype™ 5.10

SMART Notebook

SMART Product Drivers

Synaptics Pointing Device Driver

TeamViewer 8

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD Protection

TOSHIBA HDD/SSD Alert

TOSHIBA PC Health Monitor

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Remote Control Manager

TOSHIBA SD Memory Utilities

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA USB Sleep and Charge Utility

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)

Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)

Utility Common Driver

VitalSource Bookshelf

WildTangent Games

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== End Of File ===========================

I have reached the following error when I try to use GMER Rootkit scanner

503z2m6d.exe - No Disk

There is no disk in the drive. Please insert a disk into drive \Device\Harddisk1\DR6.

Thanks again for your help.

Gareth

samgareth · September 2, 2013

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-02 19:16:34

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB

Running: 503z2m6d.exe; Driver: C:\Users\CATHER~1\AppData\Local\Temp\pxlcyuod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90B38610]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91A1F5FA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90B390E6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90B44F18]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90B44F64]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90B450FE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90B44E86]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91A1F992]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90B44ECE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90B395E4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90B39800]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90B450B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90B39E9C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90B38676]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90B3D596]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91A1F6C2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x91A1DC12]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90B386DC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90B3D98C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90B3A92C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90B44F42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90B44F86]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90B45122]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90B44EAC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90B3CE78]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90B45036]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90B44EF6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x90B3D26E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90B450DC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91A1F822]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90B3A7F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90B3A506]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90B38742]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90B387A8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90B39D16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90B382F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90B384CE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90B3845C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90B3A066]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90B3A1C8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90B38556]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91A1F8EA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90B39CF6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x91A1DC42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90B3880E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x91A1F76E]

INT 0x01 \??\C:\Users\CATHER~1\AppData\Local\Temp\mbr.sys A91E9C42

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91A38E00]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 2.1 ----

GMER finished

Psychotic · September 2, 2013

Nothing to see here...

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

samgareth · September 2, 2013

Hi Psychotic

It found the following threats:

C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application

C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application

C:\Users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Installr\Cache\00B26480.exe a variant of Win32/Toolbar.MyWebSearch.O application

C:\Users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00021219.exe a variant of Win32/Toolbar.MyWebSearch.K application

Psychotic · September 2, 2013

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

samgareth · September 3, 2013

ComboFix 13-09-02.02 - Catherine Leetch 03/09/2013 0:29.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.1738 [GMT 10:00]

Running from: c:\users\Catherine Leetch\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2013-08-02 to 2013-09-02 )))))))))))))))))))))))))))))))

.

2013-09-02 14:38 . 2013-09-02 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-02 10:26 . 2013-09-02 10:26 -------- d-----w- c:\program files\ESET

2013-09-02 07:52 . 2013-09-02 07:52 -------- d-----w- c:\users\Catherine Leetch\AppData\Local\Adobe

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\program files\iTunes

2013-08-26 00:08 . 2013-08-26 00:08 -------- d-----w- c:\program files\iPod

2013-08-15 06:37 . 2013-08-15 07:49 -------- d-----w- C:\OutlookBackup15Aug13

2013-08-14 17:10 . 2013-08-14 17:13 -------- d-----w- c:\windows\system32\MRT

2013-08-14 09:56 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 09:56 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 09:56 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 09:56 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 09:56 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 09:56 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 09:56 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 09:56 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 09:56 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 09:56 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-14 09:56 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 09:56 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-01 08:07 . 2013-08-01 08:07 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-01 08:07 . 2013-08-01 08:07 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-01 08:07 . 2013-08-01 08:07 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-05 07:40 . 2013-07-05 07:40 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-05 07:40 . 2013-07-05 07:40 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-05 07:40 . 2013-07-05 07:40 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-05 07:40 . 2013-07-05 07:40 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-07-05 07:40 . 2013-07-05 07:40 523264 ----a-w- c:\windows\system32\vbscript.dll

2013-07-05 07:40 . 2013-07-05 07:40 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-05 07:40 . 2013-07-05 07:40 38400 ----a-w- c:\windows\system32\imgutil.dll

2013-07-05 07:40 . 2013-07-05 07:40 361984 ----a-w- c:\windows\system32\html.iec

2013-07-05 07:40 . 2013-07-05 07:40 23040 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-05 07:40 . 2013-07-05 07:40 185344 ----a-w- c:\windows\system32\elshyph.dll

2013-07-05 07:40 . 2013-07-05 07:40 158720 ----a-w- c:\windows\system32\msls31.dll

2013-07-05 07:40 . 2013-07-05 07:40 150528 ----a-w- c:\windows\system32\iexpress.exe

2013-07-05 07:40 . 2013-07-05 07:40 1441280 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-05 07:40 . 2013-07-05 07:40 138752 ----a-w- c:\windows\system32\wextract.exe

2013-07-05 07:40 . 2013-07-05 07:40 137216 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-05 07:40 . 2013-07-05 07:40 12800 ----a-w- c:\windows\system32\mshta.exe

2013-07-05 07:40 . 2013-07-05 07:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-05 07:38 . 2013-07-05 07:38 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 906240 ----a-w- c:\windows\system32\FntCache.dll

2013-07-05 07:38 . 2013-07-05 07:38 604160 ----a-w- c:\windows\system32\d3d10level9.dll

2013-07-05 07:38 . 2013-07-05 07:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-07-05 07:38 . 2013-07-05 07:38 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-07-05 07:38 . 2013-07-05 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 3419136 ----a-w- c:\windows\system32\d2d1.dll

2013-07-05 07:38 . 2013-07-05 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 293376 ----a-w- c:\windows\system32\dxgi.dll

2013-07-05 07:38 . 2013-07-05 07:38 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-05 07:38 . 2013-07-05 07:38 249856 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-07-05 07:38 . 2013-07-05 07:38 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-07-05 07:38 . 2013-07-05 07:38 220160 ----a-w- c:\windows\system32\d3d10core.dll

2013-07-05 07:38 . 2013-07-05 07:38 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-07-05 07:38 . 2013-07-05 07:38 1988096 ----a-w- c:\windows\system32\d3d10warp.dll

2013-07-05 07:38 . 2013-07-05 07:38 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2013-07-05 07:38 . 2013-07-05 07:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-07-05 07:38 . 2013-07-05 07:38 1504768 ----a-w- c:\windows\system32\d3d11.dll

2013-07-05 07:38 . 2013-07-05 07:38 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-05 07:38 . 2013-07-05 07:38 1158144 ----a-w- c:\windows\system32\XpsPrint.dll

2013-07-05 07:38 . 2013-07-05 07:38 1080832 ----a-w- c:\windows\system32\d3d10.dll

2013-07-05 07:38 . 2013-07-05 07:38 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-17 22:56 . 2013-06-17 22:56 47104 ----a-w- c:\windows\system32\Wh2Robo.dll

2013-06-17 22:56 . 2013-06-17 22:56 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL

2013-06-05 03:05 . 2013-07-11 00:08 2347520 ----a-w- c:\windows\system32\win32k.sys

2012-01-29 15:55 . 2012-02-04 02:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 01:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-03 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-08-03 832856]

"TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]

"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-04-01 298616]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-15 152392]

.

c:\users\Catherine Leetch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-09-28 19456]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-01 116136]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]

R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [2011-03-10 214400]

R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx.sys [2011-04-04 83968]

R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2011-03-03 208128]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]

S2 MYOB AccountRight Library;MYOB AccountRight Library;c:\program files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [2013-08-07 17752]

S2 MYOB AccountRight Server 2013.2;MYOB AccountRight Server 2013.2;c:\program files\MYOB\AccountRight\2013.2\AU\Huxley.Server.WindowsService.exe [2013-06-12 15192]

S2 MYOB AccountRight Server 2013.3;MYOB AccountRight Server 2013.3;c:\program files\MYOB\AccountRight\2013.3\AU\Huxley.Server.WindowsService.exe [2013-08-07 15192]

S2 MYOB AccountRight Server Locator;MYOB AccountRight Server Locator;c:\program files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [2013-08-07 16216]

S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-08-07 4308320]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]

S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 11776]

S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-06-15 11048]

S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-06-15 14120]

S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-06-15 13440]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 20209524

*NewlyCreated* - PXLCYUOD

*Deregistered* - 20209524

*Deregistered* - pxlcyuod

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-30 08:37 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-01 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2013-01-25 21:32]

.

2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 05:54]

.

2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 05:54]

.

2013-09-02 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2013-06-06 19:45]

.

2013-08-22 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]

.

2013-08-28 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Catherine Leetch\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkm8zn.default\

FF - ExtSQL: 2013-08-01 18:06; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-03 00:39:32

ComboFix-quarantined-files.txt 2013-09-02 14:39

ComboFix2.txt 2013-08-01 05:53

ComboFix3.txt 2013-08-01 05:27

.

Pre-Run: 357,739,286,528 bytes free

Post-Run: 357,602,189,312 bytes free

.

- - End Of File - - F5EEACC9446A38D2719B91649B3F9D14

5B5E648D12FCADC244C1EC30318E1EB9

samgareth · September 4, 2013

Hi Psychotic

Can you please help me a little bit more quickly.

I am getting pressure put on me to be able to send emails again.

Thank you my friend.

Gareth

samgareth · September 4, 2013

Hi Psychotic

I am not sure if this helps but I thought I would give you some more info about the problem I am having...

When emails are sent from MS Outlook 2007 I get an error. It is error 0x00CCC0F. Connection Refused xxx.xxx.xxx.xxx is listed on Exploits Block List. Please visit www.spamhaus.org/xbl for more information.

I can remove myself from the spamhaus website but I want to know I have removed this malware first.

When I visit spamhaus this is the information they give me on the malware...

P Address xxx.xxx.xxx.xxx is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2013-09-01 10:00 GMT (+/- 30 minutes), approximately 2 days, 17 hours ago.

It has been relisted following a previous removal at 2013-08-01 06:20 GMT (33 days, 20 hours, 11 minutes ago)

This IP address is infected with, or is NATting for a machine infected with Torpig, also known by Symantec as Anserin.

The infection was detected by observing this IP address attempting to make contact to a Torpig Command and Control server (C&C), a central server used by the criminals to control with Torpig infected computers (bots).

Torpig is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.).

If you are running Windows XP, Torpig was likely dropped by Mebroot. Mebroot is a Rootkit that installs itself into the MBR (Master Boot Record). If you are running a newer Windows operating system, Torpig has been likely dropped by a second Trojan such as Andromeda/Gamarue or similar malware droppers.

With Mebroot or any other rootkit that installs itself into the MBR, you will either have to use a "MBR cleaner" or reformat the drive completely - even if you manage to remove Torpig, the MBR infection will cause it to be reinfected again.

The best way to find the machine responsible for this listing is to look for connections to the Torpig C&C sinkhole. This detection was made through a connection to "xxx.xxx.xxx.xxx" on port "80" TCP. This detection corresponds to a connection at 2013-09-01 09:44:59 (GMT - this timestamp is believed accurate to within one second).

You can try Kaspersky's TDSSKiller Antirootkit Utility to get this infection detected/removed. However, we strongly recommend you to do completely re-install your operation system to get this infection removed permanently.

These infections are rated as a "severe threat" by Microsoft. It is a trojan downloader, and can download and execute ANY software on the infected computer.

You will need to find and eradicate the infection before delisting the IP address.

We strongly recommend that you DO NOT simply firewall off connections to the sinkhole IP addresses given above. Those IP addresses are of sinkholes operated by malware researchers. In other words, it's a "sensor" (only) run by "the good guys". The bot "thinks" its a command and control server run by the spambot operators but it isn't. It DOES NOT actually download anything, and is not a threat.

If you firewall the sinkhole addresses, your IPs will remain infected, and they will STILL be delivering your users/customers personal information, including banking information to the criminal bot operators.

If you do choose to firewall these IPs, PLEASE instrument your firewall to tell you which internal machine is connecting to them so that you can identify the infected machine yourself and fix it.

We are enhancing the instructions on how to find these infections, and more information will be given here as it becomes available.

Virtually all detections made by the CBL are of infections that do NOT leave any "tracks" for you to find in your mail server logs. This is even more important for the viruses described here - these detections are made on network-level detections of malicious behaviour and may NOT involve malicious email being sent.

This means: if you have port 25 blocking enabled, do not take this as indication that your port 25 blocking isn't working.

The links above may help you find this infection. You can also consult Advanced Techniques for other options and alternatives. NOTE: the Advanced Techniques link focuses on finding port 25(SMTP) traffic. With "sinkhole malware" detections such as this listing, we aren't detecting port 25 traffic, we're detecting traffic on other ports. Therefore, when reading Advanced Techniques, you will need to consider all ports, not just SMTP.

Pay very close attention: Most of these trojans have extremely poor detection rates in current Anti-Virus software. For example, Ponmocup is only detected by 3 out of 49 AV tools queried at Virus Total.

Thus: having your anti-virus software doesn't find anything doesn't prove that you're not infected.

While we regret having to say this, downloaders will generally download many different malicious payloads. Even if an Anti-Virus product finds and removes the direct threat, they will not have detected or removed the other malicious payloads. For that reason, we recommend recloning the machine - meaning: reformatting the disks on the infected machine, and re-installing all software from known-good sources.

Psychotic · September 4, 2013

Sorry, but I´m a volunteer in here and I can reply within my free time only.

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Scan with aswMBR

Please download aswMBR.exe to your desktop.

Double-click the aswMBR.exe to run it
When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
Now click on the Scan button to start scan
On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).

CFScript.txt

samgareth · September 5, 2013

ComboFix 13-09-02.02 - Catherine Leetch 04/09/2013 17:25:14.4.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.1198 [GMT 10:00]

Running from: c:\users\Catherine Leetch\Downloads\ComboFix.exe

Command switches used :: c:\users\Catherine Leetch\Downloads\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\program files\Windows Live\Messenger\msimg32.dll"

"c:\program files\Windows Live\Messenger\riched20.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Installr\Cache\00B26480.exe

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Installr\Cache\files.ini

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\users\Catherine Leetch\AppData\LocalLow\FunWebProducts\Shared\Cache\WebfettiBtn.html

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\000144AD

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00021219.exe

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\000C40C7

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3A5E3

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3E801.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3ED1F.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3F02B.bmp

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\00B3F327.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117EAA1.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117F387.bmp

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117F599.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\0117F710.bin

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\History\search3

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\8_step1.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkez.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkgr.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkgs.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bklf.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkrg.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzc.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzl.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzn.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzq.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzr.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzu.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzv.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzw.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn2d.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn2r.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn3d.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn3r.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\center.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\index.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\mid_dots.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\protect.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4b.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4c.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shield.png

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shocked.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\stop.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systray.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systrayp.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\tp_grad.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\warn.gif

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm

c:\users\Catherine Leetch\AppData\LocalLow\MyWebSearch\bar\Settings\s_FeatCk.dat

.

((((((((((((((((((((((((( Files Created from 2013-08-04 to 2013-09-04 )))))))))))))))))))))))))))))))

.

2013-09-04 07:36 . 2013-09-04 07:36 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-09-04 07:36 . 2013-09-04 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-02 10:26 . 2013-09-02 10:26 -------- d-----w- c:\program files\ESET

2013-09-02 07:52 . 2013-09-03 04:24 -------- d-----w- c:\users\Catherine Leetch\AppData\Local\Adobe