Rootkit?

Bizness · November 17, 2013

I'm at my wit's end. I can't remember all that I've tried but one of your recommended programs originally found indications of Zero Access. Nothing was found after stepping through a number of solutions but the problem persists. My last attempt was a system recovery but the problem remains. The CPU usage spikes rapidly and it attempts network access repeatedly. I booted the system into Safe Mode and no problems. I am reporting this from my 64-bit desktop while leaving the 32-bit problem-child laptop in Safe Mode.

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Kath at 13:10:34 on 2013-11-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2937.2555 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [smartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [ConexantAudioPatch] c:\program files\conexantaudiopatch\Audioreset.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TUSBSleepChargeSrv] c:\program files\toshiba\toshiba usb sleep and charge utility\TUSBSleepChargeSrv.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{83cccbdc-3a56-4f3b-89df-69386c3b7d62}\IcoUltraMon.ico
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CEB858C1-B02E-41CC-B58A-AD5855C66673} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-15 9216]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-11-15 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-11-15 440376]
S2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-11-15 440376]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-11-15 90400]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S2 taisregispinger;taisregispinger;c:\program files\toshiba\toshibaregistration\TaisRegistPinger.exe [2009-8-31 210304]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-27 185712]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-15 108032]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2013-11-15 24064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-11-15 14848]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-6-20 1117800]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2013-11-15 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-15 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-15 1343400]
.
=============== Created Last 30 ================
.
2013-11-17 15:51:45   --------   d-----w-   c:\users\kath\appdata\local\Apps
2013-11-17 15:20:57   --------   d-----w-   c:\users\kath\appdata\local\ElevatedDiagnostics
2013-11-17 14:38:15   --------   d-----w-   c:\users\kath\appdata\local\Microsoft Games
2013-11-16 13:20:11   --------   d-----w-   c:\users\kath\appdata\local\Realtime Soft
2013-11-16 13:18:03   --------   d-----w-   c:\users\kath\appdata\roaming\Realtime Soft
2013-11-16 13:18:00   --------   d-----w-   c:\program files\common files\Realtime Soft
2013-11-16 13:17:59   --------   d-----w-   c:\programdata\Realtime Soft
2013-11-16 13:17:59   --------   d-----w-   c:\program files\UltraMon
2013-11-16 04:35:07   --------   d-----w-   c:\program files\Microsoft Visual Studio 8
2013-11-16 04:34:01   --------   d-----w-   c:\users\kath\appdata\local\Microsoft Help
2013-11-16 04:10:03   317440   ----a-w-   c:\windows\system32\spoolsv.exe
2013-11-16 04:10:02   2616320   ----a-w-   c:\windows\explorer.exe
2013-11-16 04:10:01   1230336   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2013-11-16 03:42:28   76288   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2013-11-16 03:42:28   43008   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2013-11-16 03:42:27   6016   ----a-w-   c:\windows\system32\drivers\usbd.sys
2013-11-16 03:42:27   284672   ----a-w-   c:\windows\system32\drivers\usbport.sys
2013-11-16 03:42:27   258560   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2013-11-16 03:42:27   24064   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2013-11-16 03:42:27   20480   ----a-w-   c:\windows\system32\drivers\usbohci.sys
2013-11-16 02:27:35   49152   ----a-w-   c:\windows\system32\taskhost.exe
2013-11-16 02:25:32   1505280   ----a-w-   c:\windows\system32\d3d11.dll
2013-11-16 02:17:50   40960   ----a-w-   c:\windows\system32\wwanprotdim.dll
2013-11-16 02:08:32   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-11-16 02:07:56   47104   ----a-w-   c:\windows\system32\appinfo.dll
2013-11-16 02:07:56   101720   ----a-w-   c:\windows\system32\consent.exe
2013-11-16 02:07:38   527064   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-11-16 02:07:35   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
2013-11-16 01:14:16   --------   d-----w-   c:\windows\system32\SPReview
2013-11-16 01:13:06   --------   d-----w-   c:\windows\system32\EventProviders
2013-11-16 00:43:23   --------   d-----w-   c:\users\kath\appdata\local\Adobe
2013-11-16 00:36:42   --------   d-----w-   c:\programdata\Oracle
2013-11-16 00:36:23   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-11-15 23:25:39   --------   d-----w-   c:\programdata\APN
2013-11-15 22:18:47   --------   d-----w-   c:\users\kath\appdata\roaming\Avira
2013-11-15 22:12:31   90400   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-11-15 22:12:31   67680   ----a-w-   c:\windows\system32\drivers\avnetflt.sys
2013-11-15 22:12:31   37352   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2013-11-15 22:12:26   --------   d-----w-   c:\programdata\Avira
2013-11-15 22:12:26   --------   d-----w-   c:\program files\Avira
2013-11-15 21:55:59   98816   ----a-w-   c:\windows\system32\Robocopy.exe
2013-11-15 21:39:04   1699328   ----a-w-   c:\windows\system32\esent.dll
2013-11-15 21:39:04   143744   ----a-w-   c:\windows\system32\drivers\nvstor.sys
2013-11-15 21:39:03   80256   ----a-w-   c:\windows\system32\drivers\amdsata.sys
2013-11-15 21:39:03   74240   ----a-w-   c:\windows\system32\fsutil.exe
2013-11-15 21:39:03   332160   ----a-w-   c:\windows\system32\drivers\iaStorV.sys
2013-11-15 21:39:03   22400   ----a-w-   c:\windows\system32\drivers\amdxata.sys
2013-11-15 21:39:03   148864   ----a-w-   c:\windows\system32\drivers\storport.sys
2013-11-15 21:39:03   117120   ----a-w-   c:\windows\system32\drivers\nvraid.sys
2013-11-15 19:21:14   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2013-11-15 19:21:14   47720   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2013-11-15 19:20:49   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2013-11-15 19:20:49   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2013-11-15 19:20:49   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2013-11-15 19:20:49   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2013-11-15 19:20:49   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2013-11-15 19:20:49   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2013-11-15 19:20:48   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2013-11-15 19:20:21   5120   ----a-w-   c:\windows\system32\wmi.dll
2013-11-15 19:20:21   19824   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2013-11-15 19:20:21   159232   ----a-w-   c:\windows\system32\imagehlp.dll
2013-11-15 19:12:17   --------   d-----w-   c:\windows\system32\Wat
2013-11-15 18:58:09   --------   d-----w-   c:\program files\ConexantAudioPatch
2013-11-15 18:56:10   24064   ----a-w-   c:\windows\system32\drivers\PGEffect.sys
2013-11-15 18:52:25   24576   ----a-w-   c:\windows\system32\TSCI.dll
2013-11-15 18:52:25   24576   ----a-w-   c:\windows\system32\THCI.dll
2013-11-15 18:50:54   --------   d-----w-   c:\program files\Realtek
2013-11-15 18:49:48   --------   d-----w-   c:\windows\system32\Atheros_L1e
2013-11-15 18:49:39   --------   d-----w-   c:\program files\Synaptics
2013-11-15 18:48:07   --------   d-----w-   c:\program files\Realtek WLAN Driver
2013-11-15 18:47:18   --------   d-----w-   c:\program files\CONEXANT
2013-11-15 18:43:36   --------   d-----w-   c:\windows\system32\Lang
2013-11-15 18:43:35   1002008   ----a-w-   c:\windows\system32\igxpun.exe
2013-11-15 18:40:53   330264   ----a-w-   c:\windows\system32\drivers\iaStor.sys
2013-11-15 18:30:52   33104   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2013-11-15 18:30:52   32592   ----a-w-   c:\windows\system32\msonpmon.dll
2013-11-15 18:27:42   --------   d-----w-   c:\windows\system32\MRT
2013-11-15 18:25:20   542208   ----a-w-   c:\windows\system32\kerberos.dll
2013-11-15 18:23:55   741376   ----a-w-   c:\windows\system32\inetcomm.dll
2013-11-15 18:22:57   15872   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-11-15 18:22:56   28672   ----a-w-   c:\windows\system32\dnscacheugc.exe
2013-11-15 18:22:56   132608   ----a-w-   c:\windows\system32\dnsrslvr.dll
2013-11-15 18:22:53   769024   ----a-w-   c:\windows\system32\localspl.dll
2013-11-15 18:22:53   30208   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
2013-11-15 18:22:50   31232   ----a-w-   c:\windows\system32\prevhost.exe
2013-11-15 18:22:49   196328   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2013-11-15 18:22:48   293376   ----a-w-   c:\windows\system32\umpnpmgr.dll
2013-11-15 18:22:48   145920   ----a-w-   c:\windows\system32\cfgmgr32.dll
2013-11-15 18:22:46   27008   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2013-11-15 18:12:15   107520   ----a-w-   c:\windows\system32\cdd.dll
2013-11-15 18:05:50   --------   d-----w-   c:\users\kath\appdata\local\TOSHIBA_Corporation
2013-11-15 18:04:37   826880   ----a-w-   c:\windows\system32\rdpcore.dll
2013-11-15 18:04:37   24576   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2013-11-15 18:04:37   18432   ----a-w-   c:\windows\system32\drivers\tdpipe.sys
2013-11-15 17:54:46   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2013-11-15 17:54:38   88576   ----a-w-   c:\windows\system32\wudriver.dll
2013-11-15 17:54:31   33792   ----a-w-   c:\windows\system32\wuapp.exe
2013-11-15 17:54:31   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2013-11-15 17:27:43   --------   d-----w-   c:\users\kath\appdata\local\Diagnostics
2013-11-15 16:25:59   --------   d-----w-   c:\users\kath\appdata\local\Google
2013-11-15 16:24:44   --------   d-----w-   c:\users\kath\appdata\local\Toshiba
2013-11-15 16:23:18   17   --sh--r-   c:\windows\system32\drivers\fbd.sys
.
==================== Find3M ====================
.
2013-11-16 02:27:07   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-16 01:41:23   152576   ----a-w-   c:\windows\system32\msclmd.dll
2013-10-12 02:03:08   656896   ----a-w-   c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41   679424   ----a-w-   c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25   216576   ----a-w-   c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25   1168384   ----a-w-   c:\windows\system32\crypt32.dll
2013-10-04 01:58:50   152576   ----a-w-   c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25   168960   ----a-w-   c:\windows\system32\credui.dll
2013-10-04 01:56:00   1796096   ----a-w-   c:\windows\system32\authui.dll
2013-10-03 01:58:07   305152   ----a-w-   c:\windows\system32\gdi32.dll
2013-09-25 02:01:08   136640   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06   67520   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46   99840   ----a-w-   c:\windows\system32\sspicli.dll
2013-09-25 01:57:26   22016   ----a-w-   c:\windows\system32\secur32.dll
2013-09-25 01:57:24   247808   ----a-w-   c:\windows\system32\schannel.dll
2013-09-25 01:56:42   220160   ----a-w-   c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02   1038848   ----a-w-   c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20   22016   ----a-w-   c:\windows\system32\lsass.exe
2013-09-25 00:49:18   15872   ----a-w-   c:\windows\system32\sspisrv.dll
2013-09-14 00:48:58   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12   1294272   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58   231424   ----a-w-   c:\windows\system32\mswsock.dll
2013-09-03 18:35:12   238872   ------w-   c:\windows\system32\MpSigStub.exe
2013-08-29 01:51:45   3969472   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45   3914176   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-29 01:50:16   619520   ----a-w-   c:\windows\system32\tdh.dll
2013-08-29 01:48:17   640512   ----a-w-   c:\windows\system32\advapi32.dll
2013-08-28 01:04:30   2348544   ----a-w-   c:\windows\system32\win32k.sys
2013-08-28 00:57:20   434688   ----a-w-   c:\windows\system32\scavengeui.dll
.
============= FINISH: 13:11:40.24 ===============

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/2013 12:22:22 PM
System Uptime: 11/17/2013 12:55:59 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Satellite T135
Processor: Genuine Intel® CPU U4100 @ 1.30GHz | U2E1 | 1296/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 259.114 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 59.396 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP28: 11/15/2013 9:14:07 PM - Windows 7 Service Pack 1
RP29: 11/15/2013 10:19:33 PM - Windows Update
RP30: 11/15/2013 11:42:36 PM - Windows Update
RP31: 11/16/2013 12:10:09 AM - Windows Update
RP33: 11/16/2013 12:33:21 AM - Installed Microsoft Office Enterprise 2007
RP34: 11/16/2013 9:17:42 AM - Installed UltraMon
RP35: 11/16/2013 11:21:34 AM - Fresh install with applications
RP36: 11/16/2013 1:11:40 PM - Adobe Flash
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Avira Free Antivirus
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MyToshiba
PlayReady PC Runtime x86
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
UltraMon
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
11/17/2013 12:57:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/17/2013 12:57:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/17/2013 12:56:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/17/2013 12:56:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/17/2013 12:56:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/17/2013 12:56:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/17/2013 12:56:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/17/2013 12:56:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/17/2013 12:56:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2013 10:50:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/17/2013 1:09:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/16/2013 8:13:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/16/2013 10:18:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

11/15/2013 9:53:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
11/15/2013 3:08:35 PM, Error: Service Control Manager [7023] -
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2786400).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2749655).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB975467).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2840149).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2808735).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2807986).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2758857).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2644615).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2536275).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2503665).
11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2347290).
11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2799926).
11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2563227).
11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2506928).
11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2770660).
11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2769369).
11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2510531).
11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2729451).
11/15/2013 3:05:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2813170).
11/15/2013 3:05:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 x86 (KB982526).
11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB977074).
11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2762895).
11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2661254).
11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2545698).
11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB982665).
11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB982132).
11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2423089).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB980408).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2660075).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2685939).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2579686).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2305420).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Update for Media Center for Windows 7 (KB2284742).
11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2618451).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB980846).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2761217).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB982799).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB978542).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2813347).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2719985).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2660649).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2655992).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2564958).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2536276).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2535512).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2419640).
11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2736418).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB974431).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2729094).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2726535).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2547666).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB979482).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB972270).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2790655).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2757638).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2698365).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2676562).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2659262).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2544893).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2491683).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2387149).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2378111).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2296011).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656410).
11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656355).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2732500).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2703157).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2699779).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2522422).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2511250).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for User-Mode Driver Framework version 1.11 for Windows 7 (KB2685813).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 (KB2685811).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB977165).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2743555).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2705219).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2631813).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2619339).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2570947).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2789644).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2742598).
11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2817183).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2773072).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2741355).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2488113).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2484033).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2690533).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2667402).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2654428).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2653956).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2585542).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2560656).
11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2483614).
11/15/2013 10:53:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2834140).
.
==== End Of File ===========================

kevinf80 · November 17, 2013

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin...

Bizness · November 17, 2013

Please excuse the paste of the attach.txt file. I couldn't see where to edit and remove it.

I tried pasting frst.txt but I'm told the post is too long and to shorten it, I have no idea where to shorten the post so I have attached it along with addition.txt.

Addition.txt

FRST.txt

kevinf80 · November 17, 2013

Not much to see with FRST, ok run the following:

1.Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the update completes select Next.

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

13. Verify that your system is now running normally, making sure that the following items are functional:

Internet access
Windows Update
Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Thanks,

Kevin...

Bizness · November 18, 2013

The rootkit found nothing. Internet OK. Could not access Windows update. The Action Center reports Windows Security Center Service is off and no windows updates needed. Ran fixdamage and no change. Logs attached

mbar-log-2013-11-17 (18-59-08).txt

system-log.txt

kevinf80 · November 18, 2013

Run the following in Safemode with Networking

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Ensure that Combofix is saved directly to the Desktop <--- Very important
Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Bizness · November 18, 2013

I could see no indication of Avira running but Combofix indicated it was running Avira Desktop antivirus and antispyware so I opened the Avira Action Center to turn off real-time protection. I clicked to close Combofix but Combofix warned me again that Avira was still running. Then I uninstalled Avira and allowed it to reboot into Safe Mode without networking again.

After the reboot I ran Combofix as administrator and it STILL read that Avira is running anti-virus and anti-spyware. I stopped and left the message up.

Bizness · November 18, 2013

I should have mentioned in the previous post that the laptop was running in Safe Mode with networking when I first ran Combofix. I rebooted again into Safe Mode with networking and there is no change. Combofix still reports Avira running.

Bizness · November 18, 2013

I wish I could edit previous posts. I checked to see that Avira was not on the list of programs available to uninstall and it is not listed anyway. I also forgot to mention that before my first post I tried to uninstall Microsoft Office Enterprise 2007 but got the message that it did not uninstall completely.

kevinf80 · November 18, 2013

If you have UNinstalled Avira but combofix still indicates it active do this:

Go here: http://www.avira.com/en/download-start/product/avira-registrycleaner download the Avira registry cleaner, follow the instructions at the link. That should remove all remnants of Avira....

Bizness · November 19, 2013

I ran the Avira registry cleaner to delete all the keys but Combofix reports it is still running. I went back and reran Avira RegCleaner scanning all directories and no keys found. I then did a cold boot but Combofix still reports that Avira is running.

kevinf80 · November 19, 2013

Just accept that alert from Combofix and allow it to run....

Bizness · November 19, 2013

Combofix Log minus the multiple pages of date and time:

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2937.2463 [GMT -4:00]
Running from: c:\users\Kath\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-19 to 2013-11-19 )))))))))))))))))))))))))))))))
.
.
2013-11-19 15:53 . 2013-11-19 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-19 14:48 . 2013-11-19 14:48 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25BB2E7F-21FC-4BAC-A203-2F70906FB160}\offreg.dll
2013-11-17 22:41 . 2013-11-17 22:41 -------- d-----w- c:\programdata\Malwarebytes
2013-11-17 22:41 . 2013-11-17 23:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-17 22:41 . 2013-11-17 22:59 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-17 22:17 . 2013-11-17 22:58 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-17 18:59 . 2013-11-17 18:59 -------- d-----w- C:\FRST
2013-11-16 13:18 . 2013-11-16 13:18 -------- d-----w- c:\program files\Common Files\Realtime Soft
2013-11-16 13:17 . 2013-11-16 13:18 -------- d-----w- c:\program files\UltraMon
2013-11-16 13:17 . 2013-11-16 13:17 -------- d-----w- c:\programdata\Realtime Soft
2013-11-16 04:35 . 2013-11-16 04:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-11-16 04:33 . 2013-11-16 04:33 -------- d-----r- C:\MSOCache
2013-11-16 04:10 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2013-11-16 04:10 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2013-11-16 04:10 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-11-16 03:42 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-16 03:42 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-16 03:42 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-16 03:42 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-16 03:42 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-16 03:42 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-16 03:42 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-16 02:27 . 2013-11-16 02:27 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-11-16 02:25 . 2013-11-16 02:25 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-16 02:17 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-11-16 02:08 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-16 02:07 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-11-16 02:07 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-11-16 02:07 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-11-16 02:07 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-11-16 01:14 . 2013-11-16 01:14 -------- d-----w- c:\windows\system32\SPReview
2013-11-16 01:13 . 2013-11-16 01:13 -------- d-----w- c:\windows\system32\EventProviders
2013-11-16 00:36 . 2013-11-16 00:36 -------- d-----w- c:\programdata\Oracle
2013-11-16 00:36 . 2013-11-16 00:36 -------- d-----w- c:\program files\Common Files\Java
2013-11-16 00:36 . 2013-11-16 00:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-16 00:33 . 2013-11-16 00:33 -------- d-----w- c:\programdata\McAfee
2013-11-15 23:25 . 2013-11-15 23:25 -------- d-----w- c:\programdata\APN
2013-11-15 21:55 . 2010-11-20 12:30 130432 ----a-w- c:\windows\system32\drivers\mpio.sys
2013-11-15 21:39 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-11-15 21:39 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2013-11-15 21:39 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-11-15 21:39 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-11-15 21:39 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-11-15 21:39 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-11-15 21:39 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2013-11-15 19:21 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-11-15 19:21 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-11-15 19:20 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-11-15 19:20 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-11-15 19:20 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-11-15 19:20 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-11-15 19:20 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-11-15 19:20 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-11-15 19:20 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-11-15 19:20 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-11-15 19:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-15 19:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-11-15 19:12 . 2013-11-15 19:12 -------- d-----w- c:\windows\system32\Wat
2013-11-15 18:58 . 2013-11-15 18:58 -------- d-----w- c:\program files\ConexantAudioPatch
2013-11-15 18:56 . 2009-06-23 01:04 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2013-11-15 18:52 . 1999-10-13 02:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2013-11-15 18:52 . 1999-10-13 02:45 24576 ----a-w- c:\windows\system32\THCI.dll
2013-11-15 18:50 . 2013-11-15 18:50 -------- d-----w- c:\program files\Realtek
2013-11-15 18:49 . 2013-11-15 18:49 -------- d-----w- c:\windows\system32\Atheros_L1e
2013-11-15 18:49 . 2013-11-15 18:49 -------- d-----w- c:\program files\Synaptics
2013-11-15 18:48 . 2013-11-15 18:48 -------- d-----w- c:\program files\Realtek WLAN Driver
2013-11-15 18:47 . 2013-11-15 18:47 -------- d-----w- c:\program files\CONEXANT
2013-11-15 18:43 . 2013-11-15 18:43 -------- d-----w- c:\windows\system32\Lang
2013-11-15 18:43 . 2009-09-02 22:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2013-11-15 18:40 . 2009-06-05 02:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-11-15 18:30 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2013-11-15 18:30 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2013-11-15 18:30 . 2013-11-16 04:37 -------- d-----w- c:\program files\Microsoft.NET
2013-11-15 18:28 . 2013-11-16 04:41 -------- d-----w- c:\programdata\Microsoft Help
2013-11-15 18:27 . 2013-11-15 18:29 -------- d-----w- c:\windows\system32\MRT
2013-11-15 18:25 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2013-11-15 18:23 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-11-15 18:22 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-11-15 18:22 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-11-15 18:22 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-11-15 18:22 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2013-11-15 18:22 . 2010-11-20 12:21 30208 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
2013-11-15 18:22 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-11-15 18:22 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-11-15 18:22 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-11-15 18:22 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2013-11-15 18:22 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-11-15 18:12 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2013-11-15 18:04 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-11-15 18:04 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-11-15 18:04 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2013-11-15 17:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-11-15 17:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-11-15 17:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-15 17:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-11-15 17:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-11-15 17:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-11-15 17:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-11-15 17:54 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-11-15 17:54 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-11-15 16:23 . 2013-11-15 16:23 17 --sh--r- c:\windows\system32\drivers\fbd.sys
2013-11-15 16:22 . 2013-11-17 15:01 -------- d-----w- c:\users\Kath
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 01:41 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-31 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ConexantAudioPatch"="c:\program files\ConexantAudioPatch\Audioreset.exe" [2009-09-02 214328]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-11-16 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico /auto [2013-11-16 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 taisregispinger;taisregispinger;c:\program files\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 210304]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-16 108032]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-15 1343400]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 9216]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-06-20 1117800]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.facebook.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-19 11:56:08
ComboFix-quarantined-files.txt 2013-11-19 15:56
.
Pre-Run: 278,290,313,216 bytes free
Post-Run: 278,224,302,080 bytes free
.
- - End Of File - - 690E87F306F5D9D6FD50898E71C2A4F8
5B5E648D12FCADC244C1EC30318E1EB9

kevinf80 · November 19, 2013

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

SecCenter::AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

copy and paste the report here

Let me see both logs...

Bizness · November 21, 2013

I initially had trouble running the ESET scanner because the virus kept interrupting the web page. I had to shut it down for a while and then run Combofix again and the online scanner. I disabled Windows Defender from the Task Manager prior to running either program. ESET gave me a message that I wasn't using Internet Explorer but I started it as administrator from the executable in c:\Program Files\Internet Explorer. ESET Online did not find threats and produced no report that I can see.

I had mentioned in a previous post about deleting the multiple date\time entries from the Combofix log. Apparently the virus was doing that. It was making everything difficult by filling up Notepad with date and time at the beginning of the log.

The current Combofix log is below.

ComboFix 13-11-19.01 - Kath 11/20/2013   7:33.7.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2937.2527 [GMT -4:00]
Running from: c:\users\Kath\Desktop\ComboFix.exe
Command switches used :: c:\users\Kath\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section - STAGE 4
The system cannot execute the specified program.
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
.
.
2013-11-20 11:39 . 2013-11-20 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-20 00:29 . 2013-11-20 00:29 -------- d-----w- c:\program files\ESET
2013-11-17 22:41 . 2013-11-17 22:41 -------- d-----w- c:\programdata\Malwarebytes
2013-11-17 22:41 . 2013-11-17 23:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-17 22:41 . 2013-11-17 22:59 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-17 22:17 . 2013-11-17 22:58 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-17 18:59 . 2013-11-17 18:59 -------- d-----w- C:\FRST
2013-11-16 13:18 . 2013-11-16 13:18 -------- d-----w- c:\program files\Common Files\Realtime Soft
2013-11-16 13:17 . 2013-11-16 13:18 -------- d-----w- c:\program files\UltraMon
2013-11-16 13:17 . 2013-11-16 13:17 -------- d-----w- c:\programdata\Realtime Soft
2013-11-16 04:35 . 2013-11-16 04:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-11-16 04:33 . 2013-11-16 04:33 -------- d-----r- C:\MSOCache
2013-11-16 04:10 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2013-11-16 04:10 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2013-11-16 04:10 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-11-16 03:42 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-16 03:42 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-16 03:42 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-16 03:42 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-16 03:42 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-16 03:42 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-16 03:42 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-16 02:27 . 2013-11-16 02:27 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-11-16 02:25 . 2013-11-16 02:25 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-16 02:17 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-11-16 02:08 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-16 02:07 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-11-16 02:07 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-11-16 02:07 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-11-16 02:07 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-11-16 01:14 . 2013-11-16 01:14 -------- d-----w- c:\windows\system32\SPReview
2013-11-16 01:13 . 2013-11-16 01:13 -------- d-----w- c:\windows\system32\EventProviders
2013-11-16 00:36 . 2013-11-16 00:36 -------- d-----w- c:\programdata\Oracle
2013-11-16 00:36 . 2013-11-16 00:36 -------- d-----w- c:\program files\Common Files\Java
2013-11-16 00:36 . 2013-11-16 00:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-16 00:33 . 2013-11-16 00:33 -------- d-----w- c:\programdata\McAfee
2013-11-15 23:25 . 2013-11-15 23:25 -------- d-----w- c:\programdata\APN
2013-11-15 21:55 . 2010-11-20 12:30 130432 ----a-w- c:\windows\system32\drivers\mpio.sys
2013-11-15 21:39 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-11-15 21:39 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2013-11-15 21:39 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-11-15 21:39 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-11-15 21:39 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-11-15 21:39 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-11-15 21:39 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2013-11-15 19:21 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-11-15 19:21 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-11-15 19:20 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-11-15 19:20 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-11-15 19:20 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-11-15 19:20 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-11-15 19:20 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-11-15 19:20 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-11-15 19:20 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-11-15 19:20 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-11-15 19:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-15 19:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-11-15 19:12 . 2013-11-15 19:12 -------- d-----w- c:\windows\system32\Wat
2013-11-15 18:58 . 2013-11-15 18:58 -------- d-----w- c:\program files\ConexantAudioPatch
2013-11-15 18:56 . 2009-06-23 01:04 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2013-11-15 18:52 . 1999-10-13 02:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2013-11-15 18:51 . 2013-11-15 18:51 -------- d-----w- c:\windows\system32\tr
2013-11-15 18:50 . 2013-11-15 18:50 -------- d-----w- c:\program files\Realtek
2013-11-15 18:49 . 2013-11-15 18:49 -------- d-----w- c:\windows\system32\Atheros_L1e
2013-11-15 18:49 . 2013-11-15 18:49 -------- d-----w- c:\program files\Synaptics
2013-11-15 18:48 . 2013-11-15 18:48 -------- d-----w- c:\program files\Realtek WLAN Driver
2013-11-15 18:47 . 2013-11-15 18:47 -------- d-----w- c:\program files\CONEXANT
2013-11-15 18:43 . 2013-11-15 18:43 -------- d-----w- c:\windows\system32\Lang
2013-11-15 18:43 . 2009-09-02 22:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2013-11-15 18:40 . 2009-06-05 02:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-11-15 18:30 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2013-11-15 18:30 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2013-11-15 18:30 . 2013-11-16 04:37 -------- d-----w- c:\program files\Microsoft.NET
2013-11-15 18:28 . 2013-11-16 04:41 -------- d-----w- c:\programdata\Microsoft Help
2013-11-15 18:27 . 2013-11-15 18:29 -------- d-----w- c:\windows\system32\MRT
2013-11-15 18:25 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2013-11-15 18:23 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-11-15 18:22 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-11-15 18:22 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-11-15 18:22 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-11-15 18:22 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2013-11-15 18:22 . 2010-11-20 12:21 30208 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
2013-11-15 18:22 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-11-15 18:22 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-11-15 18:22 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-11-15 18:22 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2013-11-15 18:22 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-11-15 18:12 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2013-11-15 18:04 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-11-15 18:04 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-11-15 18:04 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2013-11-15 17:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-11-15 17:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-11-15 17:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-15 17:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-11-15 17:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-11-15 17:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-11-15 17:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-11-15 17:54 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-11-15 17:54 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-11-15 16:23 . 2013-11-15 16:23 17 --sh--r- c:\windows\system32\drivers\fbd.sys
2013-11-15 16:22 . 2013-11-17 15:01 -------- d-----w- c:\users\Kath
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 01:41 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-31 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ConexantAudioPatch"="c:\program files\ConexantAudioPatch\Audioreset.exe" [2009-09-02 214328]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-11-16 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico /auto [2013-11-16 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 taisregispinger;taisregispinger;c:\program files\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 210304]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-16 108032]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-15 1343400]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 9216]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-06-20 1117800]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.eset.com/us/online-scanner/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-20 07:42:22
ComboFix-quarantined-files.txt 2013-11-20 11:42
ComboFix2.txt 2013-11-20 02:29
ComboFix3.txt 2013-11-20 00:28
ComboFix4.txt 2013-11-19 23:07
ComboFix5.txt 2013-11-20 02:45
.
Pre-Run: 277,713,903,616 bytes free
Post-Run: 277,654,192,128 bytes free
.
- - End Of File - - 5CD0CD7FB434EAD1530F98DA7248AF2C
5B5E648D12FCADC244C1EC30318E1EB9

kevinf80 · November 21, 2013

download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe ( 4.5MB ) save to your desktop.

Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to “download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat zip up that file and attach to your reply...

Next,

download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version

Make sure to get the correct version for your system.
Quit all running programs
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
Wait until Prescan has finished...
The following EULA will appear, please select accept
Ensure MBR scan, Check faked and AntiRootkit are checked
Select Scan
When the scan completes select Report, copy and paste that to your reply.
The log should be found in RKreport[?].txt on your Desktop
Exit/Close RogueKiller

Kevin

Bizness · November 22, 2013

I twice tried to run a full scan of drive c: with AWSMBR but Windows reported the anti-rootkit software stopped due to errors. I hope the Quickscan is all you need.

The site would not let me upload a "dat" file so I renamed the upload to MBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-22 10:07:50
-----------------------------
10:07:50.890    OS Version: Windows 6.1.7601 Service Pack 1
10:07:50.890    Number of processors: 2 586 0x170A
10:07:50.890    ComputerName: KATH-LAPTOP UserName: Kath
10:07:52.419    Initialize success
10:08:24.321    AVAST engine defs: 13112200
10:08:36.567    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:08:36.567    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
10:08:37.019    Disk 0 MBR read successfully
10:08:37.035    Disk 0 MBR scan
10:08:37.035    Disk 0 Windows VISTA default MBR code
10:08:37.082    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
10:08:37.113    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       295617 MB offset 3074048
10:08:37.191    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8127 MB offset 608497664
10:08:37.222    Disk 0 scanning sectors +625141760
10:08:37.940    Disk 0 scanning C:\windows\system32\drivers
10:09:25.863    Service scanning
10:09:53.303    Modules scanning
10:10:49.120    Disk 0 trace - called modules:
10:10:49.167    ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
10:10:49.183    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b99030]
10:10:49.198    3 CLASSPNP.SYS[8a5a359e] -> nt!IofCallDriver -> \Device\THPDRV1[0x85b973e8]
10:10:49.214    5 thpdrv.sys[8a7f599f] -> nt!IofCallDriver -> [0x84de6410]
10:10:49.214    7 ACPI.sys[89ed03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84dd3028]
10:10:50.852    AVAST engine scan C:\windows
10:11:22.302    AVAST engine scan C:\windows\system32
10:16:16.830    AVAST engine scan C:\windows\system32\drivers
10:16:41.229    AVAST engine scan C:\Users\Kath
10:20:29.941    AVAST engine scan C:\ProgramData
10:20:43.185    Scan finished successfully
10:21:15.945    Disk 0 MBR has been saved successfully to "C:\Users\Kath\Desktop\MBR.dat"
10:21:15.961    The log file has been saved successfully to "C:\Users\Kath\Desktop\aswMBR.txt"

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Kath [Admin rights]
Mode : Scan -- Date : 11/22/2013 10:27:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 7a9aaa5e051943679704a86ec980b5ea
[bSP] d194f4ed7361aa3dcee1eda4204cc706 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295617 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608497664 | Size: 8127 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11222013_102746.txt >>

MBR.txt

kevinf80 · November 22, 2013

Please download the latest version of TDSSKiller from here:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan will be quick.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin

Bizness · November 22, 2013

Nothing found with TDSS. Got the message that the post was too long when I tried to copy and paste the log so I have attached it.

TDSSKiller.3.0.0.19_22.11.2013_17.35.30_log.txt

kevinf80 · November 22, 2013

What exactly is happening with your system regarding issues/concerns, give me update please....

Bizness · November 23, 2013

I am testing it out now. Windows update is OK. I installed Windows Security Essentials just have an anti-virus running. Normally the problem doesn't occur until it has been running for a few hours. I will update again tomorrow.

kevinf80 · November 23, 2013

Ok, thank you....

Bizness · November 23, 2013

So far, so good! The real proof seems to be in my wife's Facebook use. She plays 3 Zynga games, TX Hold'em Poker, Candy Crush, and Farkle.

If I have any problems beyond this I will make a new post.

T

Bizness · November 23, 2013

Oops, the last line was supposed to be.

THANK YOU!!

kevinf80 · November 23, 2013

Thanks for the update, run the following to clean up tools etc..

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

ComboFix and its associated files and folders.
VundoFix backups, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,

Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
Double click icon to start the program.
If you are using Vista or Windows 7 accept UAC
Then Click the big button.
You will get a prompt saying "Begining Cleanup Process". Please select Yes.
Restart your computer when prompted.
This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

Finally,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Kevin

fixlist.txt

Rootkit?

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information