Sirefef Virus

Solved
By Shutterbug
Apr 24, 2013
  1. I was searching a Mexican resturaunt site when a window opened that looked to be running a virus scan by a software that I do own. I wasn't able to open task manager or windows security essentials. I rebooted a few times before I was able to open security essentials which is how I was able to determine I have the Sirefef virus. I will run the preliminary removal steps and post the logs.
  2. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.04.24.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]
    Protection: Enabled
    4/24/2013 5:33:22 AM
    mbam-log-2013-04-24 (05-33-22).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224079
    Time elapsed: 18 minute(s), 40 second(s)
    Memory Processes Detected: 1
    C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\ozndjspl.exe (Trojan.Agent.ED) -> 4228 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yeihvp (Trojan.Agent.ED) -> Data: "C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\ozndjspl.exe" -> Quarantined and deleted successfully.
    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 7
    C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\ozndjspl.exe (Trojan.Agent.ED) -> Delete on reboot.
    C:\ProgramData\2EDBAA6B18AAF2BD00002EDB7B93F717\2EDBAA6B18AAF2BD00002EDB7B93F717.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\mjcenxdb.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\Temp\01366725577297.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\Temp\msimg32.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-3484798978-2103683542-120407626-1000\$R6CD07204 (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Users\User\5624716.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    (end)
  3. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.4.1
    Run by User at 6:00:22 on 2013-04-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2343 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
    C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
    C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\x64\snapCmd.exe
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\vssvc.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
    uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
    BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
    BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    BHO: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Coupons.com Toolbar: {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
    TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
    TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler
    uRun: [PaperPortAnywhere] "C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\ozndjspl.exe" /c "C:\Program Files (x86)\Nuance\PaperPort Anywhere\PaperPortAnywhere.exe"
    uRun: [emphino] "C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\ozndjspl.exe"
    mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
    mRun: [TANU] C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
    mRun: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe
    mRun: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe
    mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe
    mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NASSCH~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOVABA~1.LNK - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: google-analytics.com
    Trusted Zone: novastor.com
    Trusted Zone: novastor.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{3197978C-19DE-43B7-9DF0-AC3E1D7C068B} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [ThpSrv] C:\Windows\System32\thpsrv /logon
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2011-2-16 482384]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-16 203264]
    R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2011-2-15 20544]
    R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [2011-7-31 42504]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-24 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-24 701512]
    R2 NasPmService;NAS PM Service;C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
    R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2010-4-15 261256]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-2-15 57344]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-2-15 55296]
    R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
    R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2009-5-3 8704]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-24 25928]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-2-15 32832]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-21 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-21 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-16 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-04-24 09:32:00 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
    2013-04-24 09:31:34 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-04-24 09:31:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-24 09:31:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-24 09:31:07 -------- d-----w- C:\Users\User\AppData\Local\Programs
    2013-04-23 14:01:04 -------- d-----w- C:\ProgramData\2EDBAA6B18AAF2BD00002EDB7B93F717
    2013-04-23 13:02:34 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{017E879C-3E9E-49A5-85B3-1FB09E6B86D0}\mpengine.dll
    2013-04-22 12:48:21 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-04-11 13:55:19 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenu
    2013-04-10 16:12:17 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-10 16:12:12 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 16:12:09 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-10 16:11:41 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-10 16:11:40 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-10 16:11:39 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-10 16:11:39 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-04-10 16:11:38 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-10 16:11:38 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-03 19:32:51 -------- d-----w- C:\ProgramData\CanonIJ
    2013-04-03 19:30:11 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
    2013-04-03 19:30:04 -------- d-----w- C:\ProgramData\CanonIJPLM
    2013-04-03 19:28:04 -------- d-----w- C:\Program Files\Canon
    2013-04-03 19:14:41 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
    2013-03-26 00:35:38 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    .
    ==================== Find3M ====================
    .
    2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    .
    ============= FINISH: 6:02:43.55 ===============
  4. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/16/2011 11:38:05 AM
    System Uptime: 4/24/2013 5:55:38 AM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 800/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 287.19 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP211: 3/6/2013 11:40:48 PM - Windows Update
    RP212: 3/10/2013 2:40:22 AM - Windows Update
    RP213: 3/14/2013 2:22:21 AM - Windows Update
    RP214: 3/14/2013 3:00:24 AM - Windows Update
    RP215: 3/17/2013 2:56:21 PM - Windows Update
    RP216: 3/20/2013 3:57:48 PM - Windows Update
    RP217: 3/24/2013 4:36:18 PM - Windows Update
    RP218: 3/26/2013 3:00:11 AM - Windows Update
    RP219: 3/29/2013 9:52:30 AM - Windows Update
    RP220: 4/2/2013 8:06:56 AM - Windows Update
    RP221: 4/5/2013 4:10:25 PM - Windows Update
    RP222: 4/9/2013 7:57:32 AM - Windows Update
    RP223: 4/11/2013 9:33:46 AM - Windows Update
    RP224: 4/14/2013 2:32:57 PM - Windows Update
    RP225: 4/18/2013 4:59:53 PM - Windows Update
    RP226: 4/22/2013 8:47:48 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    Amazon Links
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Bonjour
    BUFFALO LinkStation(LX-WXL) Setup Guide
    BUFFALO NAS Navigator2
    Canon MP Navigator EX 2.0
    Canon MP240 series MP Drivers
    Canon MP240 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Coupon Alert
    Coupon Printer for Windows
    Coupons.com Toolbar
    CyberLink PowerCinema for TOSHIBA
    Direct DiscRecorder
    Dolby Control Center
    DVD MovieFactory for TOSHIBA
    exPressit S.E. 2.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    HTC BMP USB Driver
    HTC Driver Installer
    iCloud
    Inkjet Printer/Scanner Extended Survey Program
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 11
    Java(TM) 7 Update 4
    Java(TM) 7 Update 4 (64-bit)
    JavaFX 2.1.0
    LightScribe 1.4.124.1
    LSI V92 MOH Application
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    Netzero Internet Access Installer
    NovaBACKUP
    Nuance PaperPort 14
    Nuance PDF Create 7
    Nuance PDF Viewer Plus
    PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop
    PaperPort Image Printer 64-bit
    Picasa 2
    PlayReady PC runtime
    QuickBooks Financial Center
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    RICOH R5U230 Media Driver ver.2.02.02.01
    Scansoft PDF Create
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    ShopAtHome.com Toolbar
    Skype Launcher
    Synaptics Pointing Device Driver
    TOSHIBA Agreement Notification Utility
    Toshiba Application Installer
    TOSHIBA Assist
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    TOSHIBA Internal Modem Region Select Utility
    Toshiba Quality Application
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    Toshiba Resources Page
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Upgrade Assistant
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WildTangent Games
    Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/24/2013 6:01:38 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    4/24/2013 5:56:07 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    4/24/2013 5:56:07 AM, Error: atikmdag [43029] - Display is not active
    .
    ==== End Of File ===========================
  5. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    CORRECTION

    I was searching a Mexican resturaunt site when a window opened that looked to be running a virus scan by a software that I do NOT own. I wasn't able to open task manager or windows security essentials. I rebooted a few times before I was able to open security essentials which is how I was able to determine I have the Sirefef virus. I will run the preliminary removal steps and post the logs.
  6. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    [​IMG] Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  7. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Remove -- Date : 04/24/2013 20:46:11
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe [7] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : PaperPortAnywhere ("C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\ozndjspl.exe" /c "C:\Program Files (x86)\Nuance\PaperPort Anywhere\PaperPortAnywhere.exe") [x] -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : emphino ("C:\Users\User\AppData\Roaming\Microsoft\Ozndjspl\ozndjspl.exe") [x] -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3484798978-2103683542-120407626-1000\$6a4f4c067169009323a5b267429cc5e0\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3484798978-2103683542-120407626-1000\$6a4f4c067169009323a5b267429cc5e0\L --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9500420AS ATA Device +++++
    --- User ---
    [MBR] 3196cd45a1d27567c683b965cfae27df
    [BSP] ab1114f3878fe2662f204cca17cca1d8 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464951 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955293696 | Size: 10488 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_04242013_02d2046.txt >>
    RKreport[1]_S_04242013_02d2043.txt ; RKreport[2]_D_04242013_02d2046.txt
  8. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org
    Database version: v2013.04.24.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]
    4/24/2013 10:00:37 PM
    mbar-log-2013-04-24 (22-00-37).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 33356
    Time elapsed: 21 minute(s), 23 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  9. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

  10. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    system-log.txt?
  11. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    I am having trouble posting the system log. The browser "hangs" once I paste the log file contents. I wait and I get the the "browser not responding" click "recover" message. I have been trying to post it mbar log. I did a "test post" just to verfiy I can post a reply. I've rebooted and tried posting the file again this morning several times with no success. I will continue to try. Any suggestions or alternate solutions?
     
  12. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_11
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4292861952, free: 2319466496
    ------------ Kernel report ------------
    04/24/2013 20:55:37
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\system32\DRIVERS\Thpevm.SYS
    \SystemRoot\system32\DRIVERS\thpdrv.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\FwLnk.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\NETw5s64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\drivers\sdbus.sys
    \SystemRoot\system32\DRIVERS\rimspe64.sys
    \SystemRoot\system32\DRIVERS\rixdpe64.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RtHDMIVX.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\agrsm64.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\gdi32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\msctf.dll
    ----------- End -----------
  13. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004c22790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xfffffa8004a9a680
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    Downloaded database version: v2013.04.24.10
    Downloaded database version: v2013.04.22.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004c22790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004c23040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004c22790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004c20060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa8004748670, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004a9a680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0176ae540, 0xfffffa8004c22790, 0xfffffa8008062630
    Lower DeviceData: 0xfffff8a003c4c310, 0xfffffa8004a9a680, 0xfffffa8008648b30
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 89D43A11
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 952219648
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955293696 Numsec = 21479424
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Performing system, memory and registry scan...
    Infected: c:\$Recycle.Bin\S-1-5-21-3484798978-2103683542-120407626-1000\$6a4f4c067169009323a5b267429cc5e0 --> [Trojan.Siredef.C]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Executing an action fixdamage.exe...
    Success!
    Removal successful. No system shutdown is required.
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_11
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4292861952, free: 2782908416
    Removal queue found; removal started
    Removing c:\$Recycle.Bin\S-1-5-21-3484798978-2103683542-120407626-1000\$6a4f4c067169009323a5b267429cc5e0...
    Removal finished
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_11
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4292861952, free: 2709475328
    ------------ Kernel report ------------
    04/24/2013 21:39:03
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\system32\DRIVERS\Thpevm.SYS
    \SystemRoot\system32\DRIVERS\thpdrv.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\FwLnk.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\NETw5s64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\drivers\sdbus.sys
    \SystemRoot\system32\DRIVERS\rimspe64.sys
    \SystemRoot\system32\DRIVERS\rixdpe64.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RtHDMIVX.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\agrsm64.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\normaliz.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\user32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\usp10.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\imm32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\lpk.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\devobj.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004864060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xfffffa80046d3060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004864b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004862060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa80046cf520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80046d3060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a011cd7d80, 0xfffffa8004864060, 0xfffffa8006c2d090
    Lower DeviceData: 0xfffff8a011c46580, 0xfffffa80046d3060, 0xfffffa800405c2e0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 89D43A11
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 952219648
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955293696 Numsec = 21479424
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_11
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4292861952, free: 2627534848
    ------------ Kernel report ------------
    04/24/2013 22:04:43
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\system32\DRIVERS\Thpevm.SYS
    \SystemRoot\system32\DRIVERS\thpdrv.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\FwLnk.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\NETw5s64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\drivers\sdbus.sys
    \SystemRoot\system32\DRIVERS\rimspe64.sys
    \SystemRoot\system32\DRIVERS\rixdpe64.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RtHDMIVX.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\agrsm64.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\normaliz.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\user32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\usp10.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\imm32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\lpk.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\devobj.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004864060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xfffffa80046d3060
    Lower Device Driver Name: \Driver\atapi\
    Device already Exists: 0xfffffa800405c2e0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004864b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004862060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa80046cf520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80046d3060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a003720980, 0xfffffa8004864060, 0xfffffa8006c2d090
    Lower DeviceData: 0xfffff8a014a63a90, 0xfffffa80046d3060, 0xfffffa800405c2e0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 89D43A11
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 952219648
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955293696 Numsec = 21479424
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Performing system, memory and registry scan...
    Scan Interrupted
    Done!
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_11
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4292861952, free: 2937884672
    Removal queue found; removal started
    Removing c:\$Recycle.Bin\S-1-5-21-3484798978-2103683542-120407626-1000\$6a4f4c067169009323a5b267429cc5e0...
    Removal finished
    =======================================
  14. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Finally! I had to break in to two parts.
  15. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Good :)

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  16. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Sorry for the delayed response since last post. I've had issues getting combofix to run. Initially, it would cuase a BSOD even after downloading the from the other alternative sites. So, I followed the instructions in the section under "if combofix refuses t run". I hda to run rkill from the second link and still recieved errors while it ran. Here are few examples of the errors I would receive:

    Warning:error saving file c:\windows\erdnt|hiv-backup\bcd!
    [recreatekeyex:5-access denied]

    I clicked "yes" to continue to next file

    Next error:
    Warning:error saving file c:\windows\erdnt|hiv-backup\system!
    [recreatekeyex:5-access denied]

    I clicked "yes" to continue to next file


    Next error:
    Warning:error saving file c:\windows\erdnt|hiv-backup\software!
    [recreatekeyex:5-access denied]

    I clicked "yes" to continue to next file

    Next error:
    Warning:error saving file c:\windows\erdnt|hiv-backup\default!
    [recreatekeyex:5-access denied]

    I clicked "yes" to continue to next file

    This went on for several more iterations but, you get the picture.

    I will attach the rkill log as well the combofix log in separate posts.
  17. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 04/28/2013 08:47:57 AM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic
    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic
    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic
    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic
    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic
    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual
    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic
    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System
    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual
    * NetBT (NetBT) is not Running.
    Startup Type set to: System
    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System
    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System
    * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * HOSTS file entries found:
    127.0.0.1 localhost
    ::1 localhost
    Program finished at: 04/28/2013 08:48:11 AM
    Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
  18. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    I ran combofix in safe mode. I recall a notepad opening with a log file. I rebooted so I would have internet access and now I can't find the log file. Could it be possible it didn't save or the app did not run to completion as I thought?
  19. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Did you check in: "C:\ComboFix.txt"
    If it's not there re-run rKill and Combofix from safe mode one more time.
  20. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Re-ran as requested. rkill does run to completion and log posted below. Combofix is not running to completion as thought. After clicking "continue" to all the warning messages I thought a log was produced but, that is not the case. I ran it 3 times to be sure.

    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 04/28/2013 03:00:54 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * BFE (BFE) is not Running.
    Startup Type set to: Manual
    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic
    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic
    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic
    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic
    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual
    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic
    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System
    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual
    * NetBT (NetBT) is not Running.
    Startup Type set to: System
    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System
    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System
    * BFE => . [Incorrect ImagePath]
    * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * HOSTS file entries found:
    127.0.0.1 localhost
    ::1 localhost
    Program finished at: 04/28/2013 03:01:06 PM
    Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
  21. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.[/*]
    • Press Scan button.[/*]
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.[/*]
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.[/*]
  22. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-04-2013 02
    Ran by User (administrator) on 28-04-2013 15:51:56
    Running from C:\Users\User\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    (COMPANYVERS_NAME) C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
    () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
    (NovaStor) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
    (TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (CANON INC.) C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (NovaStor) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
    (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    (VER_COMPANY_NAME) C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    (Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Farbar) C:\Users\User\Desktop\FRST64.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1451520 2009-04-14] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon [x]
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2008-03-03] (CANON INC.)
    HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-15] (Google Inc.)
    HKCU\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
    HKCU\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
    HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
    HKLM-x32\...\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [143360 2009-02-16] (CyberLink Corp.)
    HKLM-x32\...\Run: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe [263560 2009-03-28] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
    HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe [30096 2011-07-31] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-18] (Apple Inc.)
    HKLM-x32\...\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605032 2011-06-28] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [30568 2011-08-13] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46952 2011-08-13] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
    ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
    ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    URLSearchHook: (No Name) - {37153479-1976-43c3-a1ee-557513977b64} - No File
    URLSearchHook: (No Name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No File
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.mywebsearch.com/myweb...&n=77de8a5d&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.mywebsearch.com/myweb...&n=77de8a5d&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Coupons.com Toolbar - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
    BHO-x32: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll (MindSpark)
    BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO-x32: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
    BHO-x32: ShopAtHome.com Toolbar - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Coupons.com Toolbar - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
    Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File
    Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
    PDF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
    Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    ==================== Services (Whitelisted) =================
    S3 BFE; C:\Windows\SysWow64\. [0 2013-04-25] ()
    R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
    R2 CouponAlert_2pService; C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [42504 2011-07-31] (COMPANYVERS_NAME)
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-04-15] (NovaStor)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
    ==================== Drivers (Whitelisted) ====================
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\FRST
    2013-04-28 15:50 - 2013-04-28 15:50 - 01710472 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
    2013-04-28 15:05 - 2013-04-28 15:05 - 00000000 ____D C:\ComboFix
    2013-04-28 15:01 - 2013-04-28 15:01 - 00004818 ____A C:\Users\User\Desktop\Rkill3.txt
    2013-04-28 08:49 - 2013-04-28 15:05 - 00000000 ___SD C:\32788R22FWJFW
    2013-04-28 08:44 - 2013-04-28 08:44 - 05056640 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
    2013-04-28 08:43 - 2013-04-28 08:43 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill2.exe
    2013-04-28 08:35 - 2013-04-28 08:35 - 00274776 ____A C:\Windows\Minidump\042813-24273-01.dmp
    2013-04-25 16:22 - 2013-04-25 16:23 - 00000000 ___SD C:\Larry2471L
    2013-04-25 16:15 - 2013-04-25 16:15 - 00000000 ____D C:\Larry3782L
    2013-04-25 16:13 - 2013-04-25 16:13 - 00000000 ____D C:\Larry
    2013-04-25 16:10 - 2013-04-28 15:01 - 00004818 ____A C:\Users\User\Desktop\Rkill.txt
    2013-04-25 16:10 - 2013-04-25 16:10 - 00000000 ____D C:\Users\User\Desktop\rkill
    2013-04-25 16:07 - 2013-04-25 16:07 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
    2013-04-25 15:58 - 2013-04-25 15:58 - 00274776 ____A C:\Windows\Minidump\042513-75442-01.dmp
    2013-04-25 15:54 - 2013-04-25 15:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-04-25 15:46 - 2013-04-25 15:46 - 00274776 ____A C:\Windows\Minidump\042513-32089-01.dmp
    2013-04-25 15:42 - 2013-04-25 15:42 - 00274776 ____A C:\Windows\Minidump\042513-23244-01.dmp
    2013-04-25 15:39 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-04-25 15:39 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-04-25 15:39 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-04-25 15:39 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-04-25 15:39 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-04-25 15:39 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
    2013-04-25 15:39 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
    2013-04-25 15:39 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
    2013-04-25 15:38 - 2013-04-28 15:05 - 00000000 ____D C:\Windows\erdnt
    2013-04-25 15:38 - 2013-04-25 15:39 - 00000000 ____D C:\Qoobox
    2013-04-24 20:53 - 2013-04-24 20:53 - 00000000 ____D C:\Users\User\Documents\mbar-1.05.0.1001
    2013-04-24 20:46 - 2013-04-24 20:46 - 00002384 ____A C:\Users\User\Desktop\RKreport[2]_D_04242013_02d2046.txt
    2013-04-24 20:43 - 2013-04-24 20:43 - 00002730 ____A C:\Users\User\Desktop\RKreport[1]_S_04242013_02d2043.txt
    2013-04-24 20:40 - 2013-04-24 20:44 - 00000000 ____D C:\Users\User\Desktop\RK_Quarantine
    2013-04-24 20:40 - 2013-04-24 20:40 - 00816128 ____A C:\Users\User\Desktop\RogueKiller.exe
    2013-04-24 06:02 - 2013-04-24 06:02 - 00021693 ____A C:\Users\User\Desktop\dds.txt
    2013-04-24 06:02 - 2013-04-24 06:02 - 00011879 ____A C:\Users\User\Desktop\attach.txt
    2013-04-24 05:47 - 2013-04-24 05:47 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
    2013-04-24 05:36 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-24 05:32 - 2013-04-24 05:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
    2013-04-24 05:31 - 2013-04-24 05:31 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-24 05:31 - 2013-04-24 05:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-24 05:31 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-24 05:29 - 2013-04-24 05:29 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.75.0.1300.exe
    2013-04-23 10:07 - 2013-04-23 10:07 - 00002059 ____A C:\Users\User\Desktop\System Care Antivirus.lnk
    2013-04-11 09:34 - 2013-02-22 02:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-11 09:34 - 2013-02-22 02:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-11 09:34 - 2013-02-22 02:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-11 09:34 - 2013-02-22 02:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-11 09:34 - 2013-02-22 02:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-11 09:34 - 2013-02-22 02:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-04-11 09:34 - 2013-02-22 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-04-11 09:34 - 2013-02-22 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-11 09:34 - 2013-02-22 02:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-11 09:34 - 2013-02-22 02:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-04-11 09:34 - 2013-02-22 02:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-04-11 09:34 - 2013-02-22 02:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-11 09:34 - 2013-02-22 02:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-11 09:34 - 2013-02-22 02:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-04-11 09:34 - 2013-02-22 02:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-11 09:34 - 2013-02-22 02:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-04-11 09:34 - 2013-02-22 00:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-11 09:34 - 2013-02-21 23:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-11 09:34 - 2013-02-21 23:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-11 09:34 - 2013-02-21 23:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-11 09:34 - 2013-02-21 23:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-11 09:34 - 2013-02-21 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-04-11 09:34 - 2013-02-21 23:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-04-11 09:34 - 2013-02-21 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-11 09:34 - 2013-02-21 23:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-11 09:34 - 2013-02-21 23:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-04-11 09:34 - 2013-02-21 23:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-04-11 09:34 - 2013-02-21 23:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-11 09:34 - 2013-02-21 23:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-11 09:34 - 2013-02-21 23:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-11 09:34 - 2013-02-21 23:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-04-11 09:34 - 2013-02-21 23:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-04-10 12:12 - 2013-02-28 23:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-10 12:12 - 2013-01-24 02:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-04-10 12:11 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-10 12:11 - 2013-03-19 01:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-04-10 12:11 - 2013-03-19 01:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-04-10 12:11 - 2013-03-19 01:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-04-10 12:11 - 2013-03-19 00:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-04-10 12:11 - 2013-03-18 23:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-04-03 15:29 - 2013-04-03 15:29 - 00002065 ____A C:\Users\Public\Desktop\Canon MP240 series User Registration.LNK
    2013-04-03 15:28 - 2013-04-03 15:28 - 00001775 ____A C:\Users\Public\Desktop\My Printer.lnk
    2013-04-03 15:28 - 2013-04-03 15:28 - 00000000 ____D C:\Program Files\Canon
    2013-04-03 15:25 - 2013-04-03 15:25 - 00002104 ____A C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
    2013-04-03 15:24 - 2013-04-03 15:24 - 00002106 ____A C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
    2013-04-03 15:23 - 2013-04-03 15:23 - 00002341 ____A C:\Users\Public\Desktop\MP240 series On-screen Manual.lnk
    2013-04-03 15:22 - 2013-04-03 15:22 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
    2013-04-03 15:21 - 2013-04-03 15:21 - 00000000 ___HD C:\Program Files\CanonBJ
    ==================== One Month Modified Files and Folders =======
    2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\FRST
    2013-04-28 15:50 - 2013-04-28 15:50 - 01710472 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
    2013-04-28 15:13 - 2011-02-15 21:38 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-04-28 15:13 - 2011-02-15 21:38 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-28 15:10 - 2009-07-14 01:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-28 15:09 - 2011-02-15 21:57 - 01744753 ____A C:\Windows\WindowsUpdate.log
    2013-04-28 15:06 - 2011-02-15 18:18 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-04-28 15:06 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-28 15:06 - 2009-07-14 00:51 - 00705454 ____A C:\Windows\setupact.log
    2013-04-28 15:05 - 2013-04-28 15:05 - 00000000 ____D C:\ComboFix
    2013-04-28 15:05 - 2013-04-28 08:49 - 00000000 ___SD C:\32788R22FWJFW
    2013-04-28 15:05 - 2013-04-25 15:38 - 00000000 ____D C:\Windows\erdnt
    2013-04-28 15:01 - 2013-04-28 15:01 - 00004818 ____A C:\Users\User\Desktop\Rkill3.txt
    2013-04-28 15:01 - 2013-04-25 16:10 - 00004818 ____A C:\Users\User\Desktop\Rkill.txt
    2013-04-28 14:57 - 2011-03-05 10:03 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-04-28 08:54 - 2013-02-23 12:48 - 00000000 ____D C:\Backup
    2013-04-28 08:44 - 2013-04-28 08:44 - 05056640 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
    2013-04-28 08:43 - 2013-04-28 08:43 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill2.exe
    2013-04-28 08:35 - 2013-04-28 08:35 - 00274776 ____A C:\Windows\Minidump\042813-24273-01.dmp
    2013-04-28 08:35 - 2013-02-15 10:21 - 00000000 ____D C:\Windows\Minidump
    2013-04-28 08:35 - 2013-02-15 10:20 - 427969370 ____A C:\Windows\MEMORY.DMP
    2013-04-25 16:23 - 2013-04-25 16:22 - 00000000 ___SD C:\Larry2471L
    2013-04-25 16:15 - 2013-04-25 16:15 - 00000000 ____D C:\Larry3782L
    2013-04-25 16:13 - 2013-04-25 16:13 - 00000000 ____D C:\Larry
    2013-04-25 16:10 - 2013-04-25 16:10 - 00000000 ____D C:\Users\User\Desktop\rkill
    2013-04-25 16:07 - 2013-04-25 16:07 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
    2013-04-25 15:58 - 2013-04-25 15:58 - 00274776 ____A C:\Windows\Minidump\042513-75442-01.dmp
    2013-04-25 15:54 - 2013-04-25 15:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-04-25 15:54 - 2012-05-15 16:16 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-04-25 15:54 - 2012-05-15 16:16 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-04-25 15:54 - 2012-05-15 16:16 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-04-25 15:54 - 2009-05-03 02:34 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-04-25 15:54 - 2009-05-03 02:34 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-04-25 15:54 - 2009-05-03 02:34 - 00000000 ____D C:\Program Files (x86)\Java
    2013-04-25 15:46 - 2013-04-25 15:46 - 00274776 ____A C:\Windows\Minidump\042513-32089-01.dmp
    2013-04-25 15:42 - 2013-04-25 15:42 - 00274776 ____A C:\Windows\Minidump\042513-23244-01.dmp
    2013-04-25 15:41 - 2011-02-15 21:50 - 00289674 ____A C:\Windows\PFRO.log
    2013-04-25 15:39 - 2013-04-25 15:38 - 00000000 ____D C:\Qoobox
    2013-04-24 20:53 - 2013-04-24 20:53 - 00000000 ____D C:\Users\User\Documents\mbar-1.05.0.1001
    2013-04-24 20:46 - 2013-04-24 20:46 - 00002384 ____A C:\Users\User\Desktop\RKreport[2]_D_04242013_02d2046.txt
    2013-04-24 20:44 - 2013-04-24 20:40 - 00000000 ____D C:\Users\User\Desktop\RK_Quarantine
    2013-04-24 20:43 - 2013-04-24 20:43 - 00002730 ____A C:\Users\User\Desktop\RKreport[1]_S_04242013_02d2043.txt
    2013-04-24 20:40 - 2013-04-24 20:40 - 00816128 ____A C:\Users\User\Desktop\RogueKiller.exe
    2013-04-24 06:02 - 2013-04-24 06:02 - 00021693 ____A C:\Users\User\Desktop\dds.txt
    2013-04-24 06:02 - 2013-04-24 06:02 - 00011879 ____A C:\Users\User\Desktop\attach.txt
    2013-04-24 05:47 - 2013-04-24 05:47 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
    2013-04-24 05:32 - 2013-04-24 05:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
    2013-04-24 05:31 - 2013-04-24 05:31 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-04-24 05:31 - 2013-04-24 05:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-24 05:29 - 2013-04-24 05:29 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.75.0.1300.exe
    2013-04-24 05:21 - 2011-10-17 20:30 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
    2013-04-23 10:07 - 2013-04-23 10:07 - 00002059 ____A C:\Users\User\Desktop\System Care Antivirus.lnk
    2013-04-17 08:00 - 2012-08-26 10:10 - 00000000 ____D C:\Users\User\Documents\5th Grade
    2013-04-12 10:45 - 2013-04-24 05:36 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-11 09:58 - 2009-07-14 00:45 - 00456400 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-04-11 09:37 - 2011-02-16 17:06 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-04-04 14:50 - 2013-04-24 05:31 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-03 15:30 - 2011-05-15 09:39 - 00000000 ____D C:\Program Files (x86)\Canon
    2013-04-03 15:29 - 2013-04-03 15:29 - 00002065 ____A C:\Users\Public\Desktop\Canon MP240 series User Registration.LNK
    2013-04-03 15:28 - 2013-04-03 15:28 - 00001775 ____A C:\Users\Public\Desktop\My Printer.lnk
    2013-04-03 15:28 - 2013-04-03 15:28 - 00000000 ____D C:\Program Files\Canon
    2013-04-03 15:25 - 2013-04-03 15:25 - 00002104 ____A C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
    2013-04-03 15:24 - 2013-04-03 15:24 - 00002106 ____A C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
    2013-04-03 15:23 - 2013-04-03 15:23 - 00002341 ____A C:\Users\Public\Desktop\MP240 series On-screen Manual.lnk
    2013-04-03 15:22 - 2013-04-03 15:22 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
    2013-04-03 15:21 - 2013-04-03 15:21 - 00000000 ___HD C:\Program Files\CanonBJ
    2013-04-02 06:34 - 2011-02-15 22:17 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    Last Boot: 2013-04-14 17:53
    ==================== End Of Log ============================
  23. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2013 02
    Ran by User at 2013-04-28 15:53:06 Run:
    Running from C:\Users\User\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Installed Programs =======================
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com (Version: 1.6.65)
    Adobe AIR (Version: 3.2.0.2070)
    Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
    Adobe Reader X (10.1.3) (Version: 10.1.3)
    Amazon Links (Version: 1.0)
    Apple Application Support (Version: 2.3.3)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    ATI Catalyst Install Manager (Version: 3.0.732.0)
    Bonjour (Version: 3.0.0.10)
    BUFFALO LinkStation(LX-WXL) Setup Guide
    BUFFALO NAS Navigator2
    Canon MP Navigator EX 2.0
    Canon MP240 series MP Drivers
    Canon MP240 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center Core Implementation (Version: 2009.0729.2238.38827)
    Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2238.38827)
    Catalyst Control Center Graphics Full New (Version: 2009.0729.2238.38827)
    Catalyst Control Center Graphics Light (Version: 2009.0729.2238.38827)
    Catalyst Control Center Graphics Previews Vista (Version: 2009.0729.2238.38827)
    Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832)
    Catalyst Control Center InstallProxy (Version: 2009.0729.2238.38827)
    Catalyst Control Center Localization All (Version: 2009.0729.2238.38827)
    CCC Help Chinese Standard (Version: 2009.0729.2237.38827)
    CCC Help Chinese Traditional (Version: 2009.0729.2237.38827)
    CCC Help Czech (Version: 2009.0729.2237.38827)
    CCC Help Danish (Version: 2009.0729.2237.38827)
    CCC Help Dutch (Version: 2009.0729.2237.38827)
    CCC Help English (Version: 2009.0729.2237.38827)
    CCC Help Finnish (Version: 2009.0729.2237.38827)
    CCC Help French (Version: 2009.0729.2237.38827)
    CCC Help German (Version: 2009.0729.2237.38827)
    CCC Help Greek (Version: 2009.0729.2237.38827)
    CCC Help Hungarian (Version: 2009.0729.2237.38827)
    CCC Help Italian (Version: 2009.0729.2237.38827)
    CCC Help Japanese (Version: 2009.0729.2237.38827)
    CCC Help Korean (Version: 2009.0729.2237.38827)
    CCC Help Norwegian (Version: 2009.0729.2237.38827)
    CCC Help Polish (Version: 2009.0729.2237.38827)
    CCC Help Portuguese (Version: 2009.0729.2237.38827)
    CCC Help Russian (Version: 2009.0729.2237.38827)
    CCC Help Spanish (Version: 2009.0729.2237.38827)
    CCC Help Swedish (Version: 2009.0729.2237.38827)
    CCC Help Thai (Version: 2009.0729.2237.38827)
    CCC Help Turkish (Version: 2009.0729.2237.38827)
    ccc-core-static (Version: 2009.0729.2238.38827)
    ccc-utility64 (Version: 2009.0729.2238.38827)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
    Coupon Alert
    Coupon Printer for Windows (Version: 5.0.0.1)
    Coupons.com Toolbar (Version: 6.3.3.3)
    CyberLink PowerCinema for TOSHIBA (Version: 6.0.2616a)
    Direct DiscRecorder (Version: 1.00.0000)
    Dolby Control Center (Version: 2.2.1)
    DVD MovieFactory for TOSHIBA (Version: 7.0.0)
    exPressit S.E. 2.1
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
    Google Update Helper (Version: 1.3.21.135)
    HTC BMP USB Driver (Version: 1.0.5375)
    HTC Driver Installer (Version: 3.0.0.021)
    iCloud (Version: 2.1.1.3)
    Inkjet Printer/Scanner Extended Survey Program
    iTunes (Version: 11.0.2.25)
    Java 7 Update 21 (Version: 7.0.210)
    Java Auto Updater (Version: 2.1.9.5)
    Java(TM) 6 Update 11 (Version: 6.0.110)
    Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40)
    JavaFX 2.1.0 (Version: 2.1.0)
    LightScribe 1.4.124.1 (Version: 1.4.124.1)
    LSI V92 MOH Application
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Suite Activation Assistant (Version: 2.9)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (Version: 9.0.30729.4048)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (Version: 9.0.30729.4048)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Works (Version: 9.7.0621)
    MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
    MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
    MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
    MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
    Netzero Internet Access Installer (Version: 1.0.Q1.09)
    NovaBACKUP (Version: 11.1.14)
    Nuance PaperPort 14 (Version: 14.0.0000)
    Nuance PDF Create 7 (Version: 7.10.2364)
    Nuance PDF Viewer Plus (Version: 7.10.3211)
    PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop (Version: 1.1.4241.14593)
    PaperPort Image Printer 64-bit (Version: 14.00.0001)
    Picasa 2 (Version: 2.0)
    PlayReady PC runtime (Version: 1)
    QuickBooks Financial Center (Version: 1.10.0000)
    Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0004)
    Realtek High Definition Audio Driver (Version: 6.0.1.5904)
    RICOH R5U230 Media Driver ver.2.02.02.01 (Version: 2.02.02.01)
    Scansoft PDF Create
    ShopAtHome.com Toolbar
    Skype Launcher (Version: 1.0)
    Synaptics Pointing Device Driver (Version: 12.2.10.0)
    TOSHIBA Agreement Notification Utility (Version: 1.0.11.0)
    Toshiba Application Installer (Version: 9.0.0.4)
    TOSHIBA Assist (Version: 3.00.08)
    TOSHIBA Disc Creator (Version: 2.0.1.3 for x64)
    TOSHIBA DVD PLAYER (Version: 3.01.0.11-AU)
    TOSHIBA eco Utility (Version: 1.0.2.64)
    TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
    TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
    TOSHIBA Face Recognition (Version: 3.0.4.64)
    TOSHIBA Hardware Setup (Version: 2.00.03)
    TOSHIBA HDD Protection (Version: 2.2.0.1)
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
    TOSHIBA Internal Modem Region Select Utility (Version: )
    TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.00)
    Toshiba Quality Application (Version: 1.001.0000)
    TOSHIBA Recovery Disc Creator (Version: 2.0.0.2 for x64)
    Toshiba Registration (Version: 1.00.0000)
    Toshiba Resources Page (Version: 1.0.2.1)
    TOSHIBA Software Modem (Version: 2.2.97)
    TOSHIBA Supervisor Password (Version: 2.00.02)
    TOSHIBA Upgrade Assistant (Version: 1.1.9)
    TOSHIBA USB Sleep and Charge Utility (Version: 1.2.1.0)
    TOSHIBA Value Added Package (Version: 1.2.28.64)
    TOSHIBA Web Camera Application (Version: 1.0.1.8)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WildTangent Games (Version: 1.0.0.66)
    Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (Version: 11/19/2006 1.0.0.3)
    ==================== Restore Points =========================
    07-03-2013 04:40:48 Windows Update
    10-03-2013 06:40:22 Windows Update
    14-03-2013 06:22:21 Windows Update
    14-03-2013 07:00:24 Windows Update
    17-03-2013 18:56:21 Windows Update
    20-03-2013 19:57:48 Windows Update
    24-03-2013 20:36:18 Windows Update
    26-03-2013 07:00:11 Windows Update
    29-03-2013 13:52:30 Windows Update
    02-04-2013 12:06:56 Windows Update
    05-04-2013 20:10:25 Windows Update
    09-04-2013 11:57:32 Windows Update
    11-04-2013 13:33:46 Windows Update
    14-04-2013 18:32:57 Windows Update
    18-04-2013 20:59:53 Windows Update
    22-04-2013 12:47:48 Windows Update
    25-04-2013 01:25:01 Malwarebytes Anti-Rootkit Restore Point
    25-04-2013 09:28:11 Windows Update
    25-04-2013 19:33:25 Restore point per tech support
    25-04-2013 19:54:02 Installed Java 7 Update 21
    28-04-2013 13:05:14 Windows Update
    ==================== Hosts content: ==========================
    ::1 localhost
    127.0.0.1 localhost

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (04/28/2013 03:07:43 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/28/2013 03:01:46 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/28/2013 08:55:42 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/28/2013 08:48:17 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/28/2013 08:37:24 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/25/2013 04:18:11 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/25/2013 04:11:32 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/25/2013 03:59:01 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/25/2013 03:48:09 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/25/2013 03:43:41 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    System errors:
    =============
    Error: (04/28/2013 03:06:12 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Firewall service depends on the BFE service which failed to start because of the following error:
    %%5
    Error: (04/28/2013 03:06:12 PM) (Source: Service Control Manager) (User: )
    Description: The BFE service failed to start due to the following error:
    %%5
    Error: (04/28/2013 03:05:57 PM) (Source: atikmdag) (User: )
    Description: Display is not active
    Error: (04/28/2013 03:05:57 PM) (Source: atikmdag) (User: )
    Description: CPLIB :: General - Invalid Parameter
    Error: (04/28/2013 03:03:25 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (04/28/2013 03:01:25 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (04/28/2013 03:01:25 PM) (Source: DCOM) (User: )
    Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
    Error: (04/28/2013 03:01:25 PM) (Source: DCOM) (User: )
    Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
    Error: (04/28/2013 03:00:39 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (04/28/2013 03:00:39 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Microsoft Office Sessions:
    =========================
    CodeIntegrity Errors:
    ===================================
    Date: 2011-02-15 19:57:36.795
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:57:36.764
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:57:36.748
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:57:36.733
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:57:36.701
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:43:10.309
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:43:10.293
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:43:10.246
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:43:10.199
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2011-02-15 19:43:10.137
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Percentage of memory in use: 40%
    Total physical RAM: 4093.99 MB
    Available physical RAM: 2449.79 MB
    Total Pagefile: 8186.17 MB
    Available Pagefile: 6322.27 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
    ==================== Drives ================================
    Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:286.55 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Partitions of Disk 0:
    ===============
    Disk ID: 89D43A11
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 454 GB 1501 MB
    Partition 3 Primary 10 GB 455 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI100343V0F NTFS Partition 454 GB Healthy System (partition with boot components)
    =========================================================
    Disk: 0
    Partition 3
    Type : 17
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    =========================================================
    ============================== MBR & Partition Table ==================
    ====================================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 89D43A11)
    Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Active) - (Size=454 GB) - (Type=07) (NTFS)
    Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
  24. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    That looks fine.

    How is computer doing at the moment?

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  25. Shutterbug

    Shutterbug Newcomer, in training Topic Starter Posts: 43

    Computer seems to be fine; however, I haven't been using accept to perform the clean tasks at up to now. I wil lstart using more going forward.

    Running next set of tasks - logging pending.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.