Solved Virus scanner is blocked -- zeroaccess found and "cleaned"

techytroubles

Posts: 35   +0
Hi! This is my first time here, but I have seen the amazing things you all do to help others, I thought I would give it a shot. I have a Toshiba Satellite L505 with Win 7 64-bit Home Premium SP1 laptop. I didn't notice anything until a few days ago we were getting re-directed. It didn't occur to me that the virus scanner was disabled. We really don't use this computer much exept for pictures and web browsing, so I guess I don't check as often as I should :( This computer will also often bluescreen, but I'm pretty sure that is a driver/hardware thing, not a malware nasty.
I normally have Avast Internet Security and Malwarebytes running at all times, both with auto-updates. I didn't receive any messages about an attack (I hate the bugs that sneak past my protection!) So now the Avast service will not start up and my Malwarebytes protection is limited. Here are the things I've tried so far:
-I tried to scan with Avast and it immediately says its finished with no threats. MWB will go through and found an instance of backdoor.zeroaccess, but supposedly quarantined it. Since I couldn't run (or even uninstall) Avast, I disable all the services associated and installed the free version of Avira, which found some nasties for me on another computer some time back. I ran it an it found some other instances of threats, cleaned them and that was that. Still, I don't have access to my Avast services. I know it is bad to have multiple virus scanners on the system at once, but I wasn't able to use the Avast we paid for and I needed some sort of protection. I find it odd that I was able to install Avira and run a scan, but I still have limitations with Avast and MWB. If I try to go to the Avast website, Google hangs.
-I looked up zeroaccess and ran the Symantec tool as described but found nothing.
-I installed and ran SuperAntiSpyware (also used successfully somewhere else), but again it found nothing but some ad cookies and deleted them.
-I also tried a program called killtrojan (I think that was the name), but it didn't find anything and I uninstalled it.
-I disabled system restore and cleared prior restore points
-I ran the Oldtimers TempFileCleaner
I ran the GMER tool and it found no modifications, so I can't attach anything here.
Here are the logs I was able to get. Any help will be so greatly appreciated. I don't want to lose my pictures! :)

.Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/20/2010 10:39:34 PM
System Uptime: 11/1/2012 11:37:35 AM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 127.358 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SonicWALL Virtual NIC
Device ID: ROOT\SWVNIC\0000
Manufacturer: SonicWALL
Name: SonicWALL Virtual NIC
PNP Device ID: ROOT\SWVNIC\0000
Service: SWVNIC
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Internet Security
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Bonjour
CM-Uploader
Compatibility Pack for the 2007 Office system
Creative Memories Memory Manager 3
Creative Memories StoryBook Creator Plus
Creative Memories StoryBook Creator Plus 3
Crystal Reports 2008 Runtime SP1
D3DX10
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
Ebates Cash Back Toolbar
Expert PDF 7 Reader
Google Talk Plugin
Google Toolbar for Internet Explorer
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 11
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Karaoke Builder Player 3.0
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LeapFrog MyOwnLeaptop Plugin
LeapFrog Tag Junior Plugin
Lexmark 6500 Series
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.65.1.1000
MediaMonkey 4.0
Memory Manager 3 Service Update
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
Photo Common
Photo Gallery
Picasa 3
PlayReady PC runtime
Primo
PrintMaster
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Runtime
Sage Integration Services
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Shockwave
Skype Launcher
Skype™ 5.10
SonicWALL Global VPN Client
Spybot - Search & Destroy
StoryBook Creator 4.0
SUPERAntiSpyware
Synaptics Pointing Device Driver
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Upgrade Assistant
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
WildTangent Games
Windows 7 Upgrade Advisor
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
11/1/2012 11:38:18 AM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The system cannot find the file specified.
11/1/2012 11:38:16 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/1/2012 11:38:16 AM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: The system cannot find the file specified.
11/1/2012 11:38:15 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
11/1/2012 11:38:14 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/1/2012 11:38:12 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/1/2012 11:38:10 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 126
11/1/2012 11:07:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/1/2012 11:07:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/1/2012 11:07:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/1/2012 11:07:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/1/2012 11:07:19 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
11/1/2012 11:07:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/1/2012 11:07:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/1/2012 11:07:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswKbd aswSnx aswSP aswTdi avipbb avkmgr discache SASDIFSV SASKUTIL spldr Wanarpv6
11/1/2012 11:06:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/1/2012 10:43:58 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: An instance of the service is already running.
11/1/2012 10:41:58 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/31/2012 3:34:05 PM, Error: Application Popup [1060] - \??\C:\Users\Alicia\AppData\Local\Temp\OnlineScanner\Anti-Virus has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/31/2012 3:20:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
10/31/2012 3:00:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/31/2012 12:33:47 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/30/2012 8:33:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/30/2012 8:32:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2012 8:31:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswKbd aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL spldr Wanarpv6
10/30/2012 8:09:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/30/2012 7:59:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswKbd aswSnx aswSP aswTdi discache spldr Wanarpv6
10/30/2012 12:57:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c8 (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103012-89669-01.
10/30/2012 11:53:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2012 11:52:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/30/2012 11:52:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/30/2012 11:52:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswKbd aswRdr aswSnx aswSP aswTdi DfsC discache DNE NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx VWiFiFlt Wanarpv6 WfpLwf
10/30/2012 11:52:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2012 11:52:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2012 11:52:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2012 11:52:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2012 11:52:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2012 11:52:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2012 11:52:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2012 11:52:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2012 11:52:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2012 6:55:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
10/28/2012 7:52:23 PM, Error: Service Control Manager [7034] - The lxdf_device service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
I ran out of room for the additional files. Here are the other logs:

DDS.txt
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Alicia at 12:08:46 on 2012-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2568 [GMT -4:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxdfserv.exe
C:\Windows\system32\lxdfcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {2d914c15-11e5-93b4-ad21-35ba2aec33c8} - C:\Program Files (x86)\Ebates Cash Back Toolbar\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Ebates Cash Back Toolbar BHO: {796E3F7C-B3A1-6094-41A6-21866FF2BAD6} - C:\Program Files (x86)\Ebates Cash Back Toolbar\Toolbar.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Ebates Cash Back Toolbar: {FC5405B9-EE85-8754-9D4F-9CC300948A6F} - C:\Program Files (x86)\Ebates Cash Back Toolbar\Toolbar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Ebates Cash Back Toolbar: {FC5405B9-EE85-8754-9D4F-9CC300948A6F} - C:\Program Files (x86)\Ebates Cash Back Toolbar\Toolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Lexmark 6500 Series] "C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe" /s
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: mswsock.dll
Trusted Zone: adp.com
DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.cmphotocenter.com/is/BPImageEditor.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: NameServer = 192.168.1.111 192.168.1.110 4.2.2.2
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48} : DHCPNameServer = 192.168.1.111 192.168.1.110 4.2.2.2
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\0516D60756275646023416D6075627 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\26162677962756C6563737 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [lxdfmon.exe] "C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe"
x64-Run: [lxdfamon] "C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2010-3-21 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2010-3-21 258904]
R0 FixZeroAccess;Zero Access Fixtool driver;C:\Windows\System32\drivers\FixZeroAccess.sys [2012-10-31 27256]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-17 53488]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2010-3-21 141144]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-3-30 28504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2010-3-21 819032]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-9-7 337240]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-10-31 27760]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-31 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-31 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-10-31 465360]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-9-7 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-9-7 69976]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2012-3-30 134920]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-10-31 98848]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-7-7 20544]
R2 lxdf_device;lxdf_device;C:\Windows\System32\lxdfcoms.exe -service --> C:\Windows\System32\lxdfcoms.exe -service [?]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdfserv.exe [2007-5-29 33712]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-30 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-30 676936]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2011-1-14 286504]
R2 SWIPsec;SonicWALL IPsec Driver;C:\Windows\System32\drivers\SWIPsec.sys [2012-6-22 100128]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-3-23 14472]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2009-5-3 8704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-14 25928]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-7-7 32832]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-9-7 54136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-30 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-21 250808]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-7-5 24576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-8 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\System32\drivers\SWVNIC.sys [2010-1-23 24600]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]
S4 PingTaisWz;PingTaisWz;C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe [2010-3-20 236928]
S4 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-13 1153368]
.
=============== Created Last 30 ================
.
2012-10-31 19:34:04 -------- d-----w- C:\Users\Alicia\AppData\Roaming\f-secure
2012-10-31 19:33:55 -------- d-----w- C:\ProgramData\F-Secure
2012-10-31 19:00:32 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-10-31 04:40:14 -------- d-----w- C:\Users\Alicia\AppData\Local\AskToolbar
2012-10-31 04:40:07 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-10-31 04:33:26 -------- d-----w- C:\Users\Alicia\AppData\Roaming\Avira
2012-10-31 04:30:08 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-10-31 04:30:08 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-10-31 04:30:07 -------- d-----w- C:\ProgramData\Avira
2012-10-31 04:30:07 -------- d-----w- C:\Program Files (x86)\Avira
2012-10-31 00:09:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-31 00:07:13 -------- d-----w- C:\Users\Alicia\AppData\Roaming\SUPERAntiSpyware.com
2012-10-31 00:07:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-30 23:13:50 -------- d-----w- C:\Users\Alicia\AppData\Roaming\Malwarebytes
2012-10-30 17:17:13 27136 ----a-w- C:\Windows\System32\rc4mon64.DLL
2012-10-28 23:53:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-26 21:51:55 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B7A6FE2-C352-4BC7-8792-D70D4D8E2A11}\mpengine.dll
2012-10-19 22:33:44 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-10-19 22:33:05 -------- d-----w- C:\Program Files\iPod
2012-10-19 22:33:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-19 22:33:04 -------- d-----w- C:\Program Files\iTunes
2012-10-19 22:33:04 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-10 13:28:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 13:28:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 13:28:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 13:28:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 13:28:33 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 13:28:32 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 13:28:31 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 13:28:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 13:28:31 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 13:28:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-10-10 13:11:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 13:11:14 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-26 03:31:08 2510691 ----a-w- C:\ProgramData\SPLC024.tmp
2012-08-26 03:27:13 2509415 ----a-w- C:\ProgramData\SPL2B09.tmp
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-05 12:40:38 2835988 ----a-w- C:\ProgramData\SPL5F9C.tmp
2012-08-04 22:18:43 2835988 ----a-w- C:\ProgramData\SPL85B2.tmp
2012-08-04 22:14:59 2835988 ----a-w- C:\ProgramData\SPL1B00.tmp
.
============= FINISH: 12:09:10.14 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Thank you for the quick response.
Here are the log files you requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
Ran by SYSTEM at 01-11-2012 13:02:50
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [lxdfmon.exe] "C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe" [455336 2009-07-07] ()
HKLM\...\Run: [lxdfamon] "C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe" [25256 2009-07-07] ()
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [Lexmark 6500 Series] "C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe" /s [307880 2009-07-07] ()
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [295304 2012-07-05] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-10-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1568976 2012-06-20] (Ask)
HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Alicia\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-30] (SUPERAntiSpyware.com)
HKU\Cheryl\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.111 192.168.1.110 4.2.2.2
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-10-30] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-10-30] (Avira Operations GmbH & Co. KG)
2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [465360 2012-10-30] (Avira Operations GmbH & Co. KG)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [134920 2012-03-06] (AVAST Software)
2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
2 lxdfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
2 lxdf_device; C:\Windows\system32\lxdfcoms.exe -service [1053104 2007-05-29] ( )
2 lxdf_device; C:\Windows\SysWow64\lxdfcoms.exe -service [598960 2007-05-29] ( )
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
4 PingTaisWz; C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe [236928 2009-05-22] ()
4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [x]
2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x]
==================== Drivers (Whitelisted) =====================
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [141144 2012-03-06] (AVAST Software)
1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
0 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12368 2010-01-09] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [258904 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-10-30] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-10-30] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-12-09] (Avira GmbH)
1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131672 2010-12-06] (Deterministic Networks, Inc.)
0 FixZeroAccess; C:\Windows\System32\Drivers\FixZeroAccess.sys [27256 2012-10-31] (Symantec Corporation)
3 FlyUsb; C:\Windows\System32\Drivers\FlyUsb.sys [24576 2012-07-05] (LeapFrog)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-11-01 08:09 - 2012-11-01 08:09 - 00024014 ____A C:\Users\Alicia\Desktop\dds.txt
2012-11-01 08:09 - 2012-11-01 08:09 - 00019612 ____A C:\Users\Alicia\Desktop\attach.txt
2012-11-01 07:34 - 2012-11-01 07:34 - 00687724 ____R (Swearware) C:\Users\Alicia\Desktop\dds.com
2012-11-01 07:24 - 2012-11-01 07:22 - 00302592 ____A C:\Users\Alicia\Desktop\feiltgo8.exe
2012-11-01 07:22 - 2012-11-01 07:22 - 00302592 ____A C:\Users\Alicia\Downloads\feiltgo8.exe
2012-11-01 06:57 - 2012-11-01 06:57 - 00002096 ____A C:\Users\Administrator\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
2012-11-01 06:46 - 2012-11-01 06:46 - 00002098 ____A C:\Users\Administrator\Desktop\Avira Free Antivirus Profile Scan for Rootkits and active malware.LNK
2012-11-01 06:41 - 2012-11-01 06:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2012-11-01 06:38 - 2012-11-01 06:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\AskToolbar
2012-11-01 06:32 - 2012-11-01 06:32 - 00000000 ____D C:\Users\Administrator\Documents\Simply Super Software
2012-10-31 11:34 - 2012-10-31 11:34 - 00001812 ____A C:\Users\Alicia\Desktop\readme.txt
2012-10-31 11:34 - 2012-10-31 11:34 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\f-secure
2012-10-31 11:33 - 2012-10-31 11:33 - 00000000 ____D C:\Users\All Users\F-Secure
2012-10-31 11:00 - 2012-10-31 11:41 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-10-30 20:40 - 2012-10-30 20:40 - 00000000 ____D C:\Users\Alicia\AppData\Local\AskToolbar
2012-10-30 20:40 - 2012-10-30 20:40 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-10-30 20:33 - 2012-10-30 20:33 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\Avira
2012-10-30 20:30 - 2012-10-30 20:40 - 00002072 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-10-30 20:30 - 2012-10-30 20:40 - 00000000 ____D C:\Users\All Users\Avira
2012-10-30 20:30 - 2012-10-30 20:37 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-10-30 20:30 - 2012-10-30 20:37 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-10-30 20:30 - 2012-10-30 20:30 - 00000000 ____D C:\Program Files (x86)\Avira
2012-10-30 20:30 - 2011-12-09 08:40 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-10-30 20:22 - 2012-10-30 20:22 - 02194704 ____A C:\Users\Alicia\Downloads\tdsskiller.zip
2012-10-30 19:36 - 2012-10-30 19:39 - 12311184 ____A (Simply Super Software ) C:\Users\Alicia\Downloads\trjsetup685.exe
2012-10-30 16:22 - 2011-12-19 07:23 - 00446464 ____A (OldTimer Tools) C:\Users\Alicia\Desktop\1TFC.exe
2012-10-30 16:09 - 2012-10-30 16:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-10-30 16:09 - 2012-10-30 16:09 - 00001814 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-30 16:07 - 2012-10-30 16:08 - 20282456 ____A (SUPERAntiSpyware.com) C:\Users\Alicia\Downloads\SAS_437114.EXE
2012-10-30 16:07 - 2012-10-30 16:07 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-10-30 16:07 - 2012-10-30 16:07 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\SUPERAntiSpyware.com
2012-10-30 15:13 - 2012-10-30 15:13 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\Malwarebytes
2012-10-30 09:21 - 2012-10-30 09:21 - 00000314 ____A C:\Windows\System32\ricdb.ini
2012-10-30 09:17 - 2010-12-06 17:24 - 00027136 ____A (RICOH CO.,Ltd.) C:\Windows\System32\rc4mon64.DLL
2012-10-30 09:14 - 2012-10-30 09:14 - 00000000 ____D C:\Users\Alicia\Documents\Buckeye
2012-10-30 08:57 - 2012-10-30 08:57 - 00277168 ____A C:\Windows\Minidump\103012-89669-01.dmp
2012-10-28 15:53 - 2012-10-28 15:53 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-10-19 14:33 - 2012-10-19 14:33 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-19 14:33 - 2012-10-19 14:33 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-19 14:33 - 2012-10-19 14:33 - 00000000 ____D C:\Program Files\iTunes
2012-10-19 14:33 - 2012-10-19 14:33 - 00000000 ____D C:\Program Files\iPod
2012-10-19 14:33 - 2012-10-19 14:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-19 14:33 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-10 05:29 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 05:29 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 05:29 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 05:29 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 05:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 05:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-10 05:29 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 05:29 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 05:29 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 05:29 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 05:29 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 05:29 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 05:29 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 05:29 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 05:29 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 05:29 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 05:29 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 05:29 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 05:29 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 05:29 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 05:29 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 05:29 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 05:28 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 05:28 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 05:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 05:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 05:28 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 05:28 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 05:28 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 05:28 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 05:28 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 05:28 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-04 02:48 - 2012-10-04 02:48 - 00277168 ____A C:\Windows\Minidump\100412-25225-01.dmp

==================== 3 Months Modified Files ==================
2012-11-01 08:55 - 2010-03-20 14:18 - 00016400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-01 08:55 - 2010-03-20 14:18 - 00016400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-01 08:34 - 2010-09-06 09:03 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532692124-1582512281-858999841-1000UA.job
2012-11-01 08:12 - 2012-04-21 06:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-01 08:09 - 2012-11-01 08:09 - 00024014 ____A C:\Users\Alicia\Desktop\dds.txt
2012-11-01 08:09 - 2012-11-01 08:09 - 00019612 ____A C:\Users\Alicia\Desktop\attach.txt
2012-11-01 07:45 - 2009-07-13 21:13 - 00733282 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-01 07:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-01 07:38 - 2009-07-13 20:51 - 00298330 ____A C:\Windows\setupact.log
2012-11-01 07:34 - 2012-11-01 07:34 - 00687724 ____R (Swearware) C:\Users\Alicia\Desktop\dds.com
2012-11-01 07:22 - 2012-11-01 07:24 - 00302592 ____A C:\Users\Alicia\Desktop\feiltgo8.exe
2012-11-01 07:22 - 2012-11-01 07:22 - 00302592 ____A C:\Users\Alicia\Downloads\feiltgo8.exe
2012-11-01 07:04 - 2010-06-03 16:39 - 00002011 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2012-11-01 06:57 - 2012-11-01 06:57 - 00002096 ____A C:\Users\Administrator\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
2012-11-01 06:46 - 2012-11-01 06:46 - 00002098 ____A C:\Users\Administrator\Desktop\Avira Free Antivirus Profile Scan for Rootkits and active malware.LNK
2012-11-01 06:29 - 2009-07-13 20:45 - 00863208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-31 11:41 - 2012-10-31 11:00 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-10-31 11:34 - 2012-10-31 11:34 - 00001812 ____A C:\Users\Alicia\Desktop\readme.txt
2012-10-31 10:48 - 2010-03-20 14:40 - 00170932 ____A C:\Windows\PFRO.log
2012-10-31 04:39 - 2010-03-20 14:53 - 02035287 ____A C:\Windows\WindowsUpdate.log
2012-10-30 20:40 - 2012-10-30 20:30 - 00002072 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-10-30 20:37 - 2012-10-30 20:30 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-10-30 20:37 - 2012-10-30 20:30 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-10-30 20:22 - 2012-10-30 20:22 - 02194704 ____A C:\Users\Alicia\Downloads\tdsskiller.zip
2012-10-30 19:39 - 2012-10-30 19:36 - 12311184 ____A (Simply Super Software ) C:\Users\Alicia\Downloads\trjsetup685.exe
2012-10-30 16:09 - 2012-10-30 16:09 - 00001814 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-30 16:08 - 2012-10-30 16:07 - 20282456 ____A (SUPERAntiSpyware.com) C:\Users\Alicia\Downloads\SAS_437114.EXE
2012-10-30 15:14 - 2012-01-14 10:59 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-30 09:21 - 2012-10-30 09:21 - 00000314 ____A C:\Windows\System32\ricdb.ini
2012-10-30 08:58 - 2012-05-20 16:28 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-10-30 08:57 - 2012-10-30 08:57 - 00277168 ____A C:\Windows\Minidump\103012-89669-01.dmp
2012-10-30 08:56 - 2012-05-24 15:35 - 559362584 ____A C:\Windows\MEMORY.DMP
2012-10-29 16:34 - 2010-09-06 09:03 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532692124-1582512281-858999841-1000Core.job
2012-10-19 14:33 - 2012-10-19 14:33 - 00001789 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-11 16:50 - 2010-04-28 04:47 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-10 05:11 - 2012-04-21 06:19 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-10 05:11 - 2011-05-24 03:21 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-04 02:48 - 2012-10-04 02:48 - 00277168 ____A C:\Windows\Minidump\100412-25225-01.dmp
2012-09-29 15:54 - 2012-01-14 10:59 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-24 06:47 - 2009-05-02 22:46 - 00027628 ____A C:\Windows\DPINST.LOG
2012-09-17 17:47 - 2009-05-02 22:44 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-17 17:47 - 2009-05-02 22:44 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-14 11:19 - 2012-10-10 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-10 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-08 09:46 - 2012-09-08 09:46 - 00002157 ____A C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
2012-09-08 06:58 - 2009-05-02 22:53 - 00234757 ____A C:\Windows\DirectX.log
2012-09-08 06:51 - 2012-09-08 06:37 - 00000095 ____A C:\Windows\MovieHunter.INI
2012-09-02 04:55 - 2012-09-02 04:55 - 00000946 ____A C:\Users\Public\Desktop\LeapFrog Connect.lnk
2012-09-02 04:50 - 2012-09-02 04:49 - 10716040 ____A (LeapFrog Enterprises, Inc.) C:\Users\Alicia\Downloads\LeapFrogConnectSetup_LeapPadExplorer.exe
2012-08-31 10:19 - 2012-10-10 05:29 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:03 - 2012-10-10 05:29 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-10 05:29 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-10 05:29 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-28 03:19 - 2012-08-28 03:19 - 00277168 ____A C:\Windows\Minidump\082812-23212-01.dmp
2012-08-26 07:52 - 2012-08-26 07:52 - 00277168 ____A C:\Windows\Minidump\082612-22760-01.dmp
2012-08-25 19:31 - 2012-08-25 19:31 - 02510691 ____A C:\Users\All Users\SPLC024.tmp
2012-08-25 19:27 - 2012-08-25 19:27 - 02509415 ____A C:\Users\All Users\SPL2B09.tmp
2012-08-24 10:05 - 2012-10-10 05:29 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-10 05:29 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-25 15:42 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-25 15:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-25 15:42 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-25 15:42 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-25 15:42 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-25 15:42 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-25 15:42 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-25 15:42 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-25 15:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-25 15:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-25 15:42 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-25 15:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-25 15:42 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-25 15:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-25 15:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-25 15:42 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-25 15:42 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-25 15:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-25 15:42 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-25 15:42 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-25 15:42 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-25 15:42 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-25 15:42 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-25 15:42 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-25 15:42 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-25 15:42 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-25 15:42 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-25 15:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-25 15:42 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-25 15:42 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-25 15:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-25 15:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-11 13:56 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 13:56 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 13:56 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 13:56 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-28 15:30 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 09:01 - 2012-10-19 14:33 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 09:01 - 2012-07-21 05:55 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 09:01 - 2012-07-21 05:55 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-20 10:48 - 2012-10-10 05:29 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-10 05:29 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-10 05:29 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-10 05:29 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-10 05:29 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-10 05:29 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-10 05:29 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-10 05:29 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-10 05:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-10 05:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-10 05:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-10 05:29 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-10 05:29 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-10 05:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-10 05:29 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-10 05:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-10 05:29 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 05:29 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 05:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 05:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-12 14:54 - 2012-08-12 14:54 - 00000000 ____A C:\Users\Alicia\AppData\Roaming\wklnhst.dat
2012-08-10 16:56 - 2012-10-10 05:28 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-10 05:28 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-05 08:51 - 2012-05-19 13:39 - 00277920 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-05 08:48 - 2012-08-05 08:48 - 00277168 ____A C:\Windows\Minidump\080512-48063-01.dmp
2012-08-05 04:40 - 2012-08-05 04:40 - 02835988 ____A C:\Users\All Users\SPL5F9C.tmp
2012-08-05 04:40 - 2012-08-05 04:39 - 00277168 ____A C:\Windows\Minidump\080512-43165-01.dmp
2012-08-04 14:18 - 2012-08-04 14:18 - 02835988 ____A C:\Users\All Users\SPL85B2.tmp
2012-08-04 14:18 - 2012-08-04 14:17 - 00277168 ____A C:\Windows\Minidump\080412-43399-01.dmp
2012-08-04 14:14 - 2012-08-04 14:14 - 02835988 ____A C:\Users\All Users\SPL1B00.tmp
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 3963.99 MB
Available physical RAM: 3375.95 MB
Total Pagefile: 3962.14 MB
Available Pagefile: 3383.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (Alicia) (Fixed) (Total:286.58 GB) (Free:127.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
4 Drive f: (Cruzer) (Removable) (Total:3.74 GB) (Free:2.61 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3835 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 288 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Alicia NTFS Partition 286 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Cruzer FAT32 Removable 3827 MB Healthy
=========================================================
Last Boot: 2012-10-26 13:53
==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-01 13:04:56
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
 
It looks fine.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=============================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Tdsskiller log part 1 - nothing found
14:36:58.0551 2948 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:36:59.0097 2948 ============================================================
14:36:59.0097 2948 Current date / time: 2012/11/01 14:36:59.0097
14:36:59.0097 2948 SystemInfo:
14:36:59.0097 2948
14:36:59.0097 2948 OS Version: 6.1.7601 ServicePack: 1.0
14:36:59.0097 2948 Product type: Workstation
14:36:59.0097 2948 ComputerName: ALICIA-TOSHIBA
14:36:59.0097 2948 UserName: Alicia
14:36:59.0097 2948 Windows directory: C:\Windows
14:36:59.0097 2948 System windows directory: C:\Windows
14:36:59.0097 2948 Running under WOW64
14:36:59.0097 2948 Processor architecture: Intel x64
14:36:59.0097 2948 Number of processors: 2
14:36:59.0097 2948 Page size: 0x1000
14:36:59.0097 2948 Boot type: Normal boot
14:36:59.0097 2948 ============================================================
14:36:59.0612 2948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:36:59.0612 2948 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:36:59.0628 2948 Drive \Device\Harddisk2\DR2 - Size: 0xEE47FE00 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:36:59.0628 2948 ============================================================
14:36:59.0628 2948 \Device\Harddisk0\DR0:
14:36:59.0628 2948 MBR partitions:
14:36:59.0628 2948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D28000
14:36:59.0628 2948 \Device\Harddisk1\DR1:
14:36:59.0628 2948 MBR partitions:
14:36:59.0628 2948 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0xEEFFCF
14:36:59.0628 2948 \Device\Harddisk2\DR2:
14:36:59.0628 2948 MBR partitions:
14:36:59.0628 2948 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7723DF
14:36:59.0628 2948 ============================================================
14:36:59.0659 2948 C: <-> \Device\Harddisk0\DR0\Partition1
14:36:59.0659 2948 ============================================================
14:36:59.0659 2948 Initialize success
14:36:59.0659 2948 ============================================================
14:37:06.0445 4624 ============================================================
14:37:06.0445 4624 Scan started
14:37:06.0445 4624 Mode: Manual;
14:37:06.0445 4624 ============================================================
14:37:06.0710 4624 ================ Scan system memory ========================
14:37:06.0710 4624 System memory - ok
14:37:06.0710 4624 ================ Scan services =============================
14:37:06.0835 4624 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:37:06.0835 4624 !SASCORE - ok
14:37:07.0053 4624 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:37:07.0053 4624 1394ohci - ok
14:37:07.0116 4624 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:37:07.0116 4624 ACPI - ok
14:37:07.0162 4624 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:37:07.0178 4624 AcpiPmi - ok
14:37:07.0334 4624 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:37:07.0334 4624 AdobeFlashPlayerUpdateSvc - ok
14:37:07.0396 4624 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:37:07.0412 4624 adp94xx - ok
14:37:07.0443 4624 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:37:07.0443 4624 adpahci - ok
14:37:07.0459 4624 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:37:07.0459 4624 adpu320 - ok
14:37:07.0506 4624 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:37:07.0506 4624 AeLookupSvc - ok
14:37:07.0584 4624 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys
14:37:07.0599 4624 Afc - ok
14:37:07.0662 4624 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:37:07.0662 4624 AFD - ok
14:37:07.0740 4624 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
14:37:07.0786 4624 AgereSoftModem - ok
14:37:07.0833 4624 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:37:07.0833 4624 agp440 - ok
14:37:07.0896 4624 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:37:07.0896 4624 ALG - ok
14:37:07.0911 4624 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:37:07.0911 4624 aliide - ok
14:37:07.0942 4624 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:37:07.0942 4624 amdide - ok
14:37:07.0974 4624 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:37:07.0974 4624 AmdK8 - ok
14:37:08.0005 4624 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:37:08.0005 4624 AmdPPM - ok
14:37:08.0067 4624 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:37:08.0067 4624 amdsata - ok
14:37:08.0083 4624 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:37:08.0083 4624 amdsbs - ok
14:37:08.0114 4624 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:37:08.0114 4624 amdxata - ok
14:37:08.0223 4624 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:37:08.0239 4624 AntiVirSchedulerService - ok
14:37:08.0254 4624 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:37:08.0254 4624 AntiVirService - ok
14:37:08.0286 4624 [ E38BA9FAB3981A2115C53260B930FD3C ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:37:08.0286 4624 AntiVirWebService - ok
14:37:08.0332 4624 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:37:08.0332 4624 AppID - ok
14:37:08.0379 4624 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:37:08.0395 4624 AppIDSvc - ok
14:37:08.0426 4624 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:37:08.0426 4624 Appinfo - ok
14:37:08.0520 4624 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:37:08.0520 4624 Apple Mobile Device - ok
14:37:08.0566 4624 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:37:08.0566 4624 arc - ok
14:37:08.0598 4624 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:37:08.0598 4624 arcsas - ok
14:37:08.0644 4624 [ B9DA213B5271DB5FCE962D827E6D620D ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
14:37:08.0644 4624 aswFsBlk - ok
14:37:08.0707 4624 [ FFE56AC75A257141561DAF42C3F7D16B ] aswFW C:\Windows\system32\drivers\aswFW.sys
14:37:08.0722 4624 aswFW - ok
14:37:08.0769 4624 [ 316271CC32FDFFFCDB30677684906D5E ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
14:37:08.0785 4624 aswKbd - ok
14:37:08.0832 4624 [ 21C9835D0E5AD2FF0F16134BCB32CC71 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
14:37:08.0832 4624 aswMonFlt - ok
14:37:08.0863 4624 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys
14:37:08.0863 4624 aswNdis - ok
14:37:08.0894 4624 [ 36DBCB80E0AF1DC228F495FAF00A4BC8 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys
14:37:08.0910 4624 aswNdis2 - ok
14:37:08.0972 4624 [ 1B96A5867ABD4FA6135D8298FCCCF9C6 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
14:37:08.0972 4624 aswRdr - ok
14:37:09.0019 4624 [ 6E98BB288696777A3A8A07A52B0EAEE9 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
14:37:09.0050 4624 aswSnx - ok
14:37:09.0097 4624 [ D9FB49F16E4EB02EFECAE8CBFE4BCB4C ] aswSP C:\Windows\system32\drivers\aswSP.sys
14:37:09.0128 4624 aswSP - ok
14:37:09.0175 4624 [ 7352BB9A564B94BBD7C9CBF165F55006 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
14:37:09.0175 4624 aswTdi - ok
14:37:09.0206 4624 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:37:09.0206 4624 AsyncMac - ok
14:37:09.0284 4624 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:37:09.0284 4624 atapi - ok
14:37:09.0346 4624 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:37:09.0378 4624 AudioEndpointBuilder - ok
14:37:09.0409 4624 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:37:09.0409 4624 AudioSrv - ok
14:37:09.0534 4624 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
14:37:09.0534 4624 avast! Antivirus - ok
14:37:09.0565 4624 [ 7D465549DFB0ECA6601E9609C72CD20A ] avast! Firewall C:\Program Files\Alwil Software\Avast5\afwServ.exe
14:37:09.0565 4624 avast! Firewall - ok
14:37:09.0580 4624 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:37:09.0596 4624 avgntflt - ok
14:37:09.0627 4624 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:37:09.0643 4624 avipbb - ok
14:37:09.0674 4624 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:37:09.0690 4624 avkmgr - ok
14:37:09.0736 4624 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:37:09.0736 4624 AxInstSV - ok
14:37:09.0799 4624 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:37:09.0814 4624 b06bdrv - ok
14:37:09.0877 4624 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:37:09.0877 4624 b57nd60a - ok
14:37:09.0924 4624 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:37:09.0939 4624 BDESVC - ok
14:37:09.0939 4624 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:37:09.0939 4624 Beep - ok
14:37:09.0970 4624 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:37:09.0970 4624 blbdrive - ok
14:37:10.0017 4624 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:37:10.0033 4624 Bonjour Service - ok
14:37:10.0064 4624 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:37:10.0064 4624 bowser - ok
14:37:10.0095 4624 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:37:10.0095 4624 BrFiltLo - ok
14:37:10.0095 4624 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:37:10.0095 4624 BrFiltUp - ok
14:37:10.0142 4624 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:37:10.0142 4624 Browser - ok
14:37:10.0173 4624 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:37:10.0173 4624 Brserid - ok
14:37:10.0189 4624 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:37:10.0189 4624 BrSerWdm - ok
14:37:10.0204 4624 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:37:10.0204 4624 BrUsbMdm - ok
14:37:10.0220 4624 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:37:10.0220 4624 BrUsbSer - ok
14:37:10.0236 4624 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:37:10.0236 4624 BTHMODEM - ok
14:37:10.0282 4624 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:37:10.0282 4624 bthserv - ok
14:37:10.0392 4624 [ F1140ED3A1E1D6824A63F27AFD9EEF32 ] camsvc C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
14:37:10.0392 4624 camsvc - ok
14:37:10.0407 4624 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:37:10.0407 4624 cdfs - ok
14:37:10.0485 4624 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:37:10.0485 4624 cdrom - ok
14:37:10.0516 4624 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:37:10.0516 4624 CertPropSvc - ok
14:37:10.0579 4624 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:37:10.0579 4624 circlass - ok
14:37:10.0626 4624 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:37:10.0626 4624 CLFS - ok
14:37:10.0704 4624 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:37:10.0704 4624 clr_optimization_v2.0.50727_32 - ok
14:37:10.0813 4624 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:37:10.0813 4624 clr_optimization_v2.0.50727_64 - ok
14:37:10.0891 4624 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:37:10.0891 4624 clr_optimization_v4.0.30319_32 - ok
14:37:10.0922 4624 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:37:10.0922 4624 clr_optimization_v4.0.30319_64 - ok
14:37:10.0969 4624 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:37:10.0969 4624 CmBatt - ok
14:37:10.0984 4624 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:37:10.0984 4624 cmdide - ok
14:37:11.0047 4624 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:37:11.0047 4624 CNG - ok
14:37:11.0078 4624 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:37:11.0078 4624 Compbatt - ok
14:37:11.0140 4624 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:37:11.0140 4624 CompositeBus - ok
14:37:11.0156 4624 COMSysApp - ok
14:37:11.0172 4624 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:37:11.0172 4624 crcdisk - ok
14:37:11.0218 4624 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:37:11.0234 4624 CryptSvc - ok
14:37:11.0296 4624 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
14:37:11.0296 4624 dc3d - ok
14:37:11.0359 4624 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:37:11.0359 4624 DcomLaunch - ok
14:37:11.0421 4624 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:37:11.0421 4624 defragsvc - ok
14:37:11.0484 4624 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:37:11.0484 4624 DfsC - ok
14:37:11.0530 4624 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:37:11.0546 4624 Dhcp - ok
14:37:11.0608 4624 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
 
Tdsskiller log part 2

14:37:11.0608 4624 discache - ok
14:37:11.0640 4624 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:37:11.0640 4624 Disk - ok
14:37:11.0702 4624 [ 599864BDC6D2D769E5FF53E960C6B3BD ] DNE C:\Windows\system32\DRIVERS\dnelwf64.sys
14:37:11.0718 4624 DNE - ok
14:37:11.0780 4624 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:37:11.0780 4624 Dnscache - ok
14:37:11.0811 4624 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:37:11.0827 4624 dot3svc - ok
14:37:11.0874 4624 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:37:11.0874 4624 DPS - ok
14:37:11.0905 4624 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:37:11.0905 4624 drmkaud - ok
14:37:11.0967 4624 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:37:12.0061 4624 DXGKrnl - ok
14:37:12.0123 4624 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:37:12.0123 4624 EapHost - ok
14:37:12.0248 4624 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:37:12.0342 4624 ebdrv - ok
14:37:12.0388 4624 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:37:12.0404 4624 EFS - ok
14:37:12.0482 4624 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:37:12.0498 4624 ehRecvr - ok
14:37:12.0560 4624 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:37:12.0560 4624 ehSched - ok
14:37:12.0622 4624 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:37:12.0622 4624 elxstor - ok
14:37:12.0669 4624 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:37:12.0669 4624 ErrDev - ok
14:37:12.0732 4624 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:37:12.0763 4624 EventSystem - ok
14:37:12.0872 4624 EvtEng - ok
14:37:12.0888 4624 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:37:12.0919 4624 exfat - ok
14:37:12.0950 4624 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:37:12.0966 4624 fastfat - ok
14:37:13.0028 4624 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:37:13.0059 4624 Fax - ok
14:37:13.0090 4624 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:37:13.0106 4624 fdc - ok
14:37:13.0153 4624 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:37:13.0153 4624 fdPHost - ok
14:37:13.0168 4624 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:37:13.0168 4624 FDResPub - ok
14:37:13.0184 4624 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:37:13.0184 4624 FileInfo - ok
14:37:13.0200 4624 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:37:13.0215 4624 Filetrace - ok
14:37:13.0246 4624 [ AC7E21145B9348BFC1B1DEC7BC238B3F ] FixZeroAccess C:\Windows\system32\drivers\FixZeroAccess.sys
14:37:13.0246 4624 FixZeroAccess - ok
14:37:13.0278 4624 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:37:13.0278 4624 flpydisk - ok
14:37:13.0309 4624 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:37:13.0324 4624 FltMgr - ok
14:37:13.0387 4624 [ 6CD6BB45BD3E0EEF6CE496BF52854FF1 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys
14:37:13.0387 4624 FlyUsb - ok
14:37:13.0449 4624 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:37:13.0480 4624 FontCache - ok
14:37:13.0574 4624 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:37:13.0590 4624 FontCache3.0.0.0 - ok
14:37:13.0605 4624 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:37:13.0605 4624 FsDepends - ok
14:37:13.0668 4624 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:37:13.0668 4624 fssfltr - ok
14:37:13.0792 4624 [ 4E2E6FEDFE4A3445DBD0C623A242362D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:37:13.0792 4624 fsssvc - ok
14:37:13.0824 4624 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:37:13.0839 4624 Fs_Rec - ok
14:37:13.0886 4624 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:37:13.0886 4624 fvevol - ok
14:37:13.0933 4624 [ 6D06B5EEBBA23C16789EFC820EE1F253 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
14:37:13.0933 4624 FwLnk - ok
14:37:13.0948 4624 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:37:13.0964 4624 gagp30kx - ok
14:37:14.0073 4624 [ 37331304E89A773B1A86FE681FCA150D ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
14:37:14.0073 4624 GameConsoleService - ok
14:37:14.0120 4624 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:37:14.0120 4624 GEARAspiWDM - ok
14:37:14.0198 4624 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:37:14.0229 4624 gpsvc - ok
14:37:14.0292 4624 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:37:14.0292 4624 gusvc - ok
14:37:14.0338 4624 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:37:14.0338 4624 hcw85cir - ok
14:37:14.0401 4624 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:37:14.0401 4624 HdAudAddService - ok
14:37:14.0448 4624 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:37:14.0448 4624 HDAudBus - ok
14:37:14.0463 4624 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:37:14.0463 4624 HidBatt - ok
14:37:14.0494 4624 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:37:14.0494 4624 HidBth - ok
14:37:14.0510 4624 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:37:14.0510 4624 HidIr - ok
14:37:14.0541 4624 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:37:14.0557 4624 hidserv - ok
14:37:14.0604 4624 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:37:14.0604 4624 HidUsb - ok
14:37:14.0666 4624 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:37:14.0666 4624 hkmsvc - ok
14:37:14.0713 4624 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:37:14.0713 4624 HomeGroupListener - ok
14:37:14.0760 4624 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:37:14.0775 4624 HomeGroupProvider - ok
14:37:14.0822 4624 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:37:14.0822 4624 HpSAMD - ok
14:37:14.0900 4624 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:37:14.0916 4624 HTTP - ok
14:37:14.0962 4624 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:37:14.0962 4624 hwpolicy - ok
14:37:15.0009 4624 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:37:15.0025 4624 i8042prt - ok
14:37:15.0087 4624 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:37:15.0087 4624 iaStor - ok
14:37:15.0118 4624 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:37:15.0134 4624 iaStorV - ok
14:37:15.0196 4624 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:37:15.0196 4624 IDriverT - ok
14:37:15.0259 4624 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:37:15.0274 4624 idsvc - ok
14:37:15.0586 4624 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:37:15.0852 4624 igfx - ok
14:37:15.0883 4624 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:37:15.0883 4624 iirsp - ok
14:37:15.0961 4624 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:37:15.0976 4624 IKEEXT - ok
14:37:16.0023 4624 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:37:16.0023 4624 intelide - ok
14:37:16.0039 4624 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:37:16.0039 4624 intelppm - ok
14:37:16.0086 4624 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:37:16.0101 4624 IPBusEnum - ok
14:37:16.0148 4624 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:37:16.0148 4624 IpFilterDriver - ok
14:37:16.0179 4624 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:37:16.0195 4624 IPMIDRV - ok
14:37:16.0195 4624 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:37:16.0195 4624 IPNAT - ok
14:37:16.0257 4624 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:37:16.0273 4624 iPod Service - ok
14:37:16.0304 4624 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:37:16.0304 4624 IRENUM - ok
14:37:16.0320 4624 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:37:16.0320 4624 isapnp - ok
14:37:16.0366 4624 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:37:16.0382 4624 iScsiPrt - ok
14:37:16.0429 4624 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:37:16.0429 4624 kbdclass - ok
14:37:16.0476 4624 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:37:16.0476 4624 kbdhid - ok
14:37:16.0491 4624 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:37:16.0491 4624 KeyIso - ok
14:37:16.0522 4624 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:37:16.0522 4624 KSecDD - ok
14:37:16.0554 4624 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:37:16.0554 4624 KSecPkg - ok
14:37:16.0569 4624 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:37:16.0569 4624 ksthunk - ok
14:37:16.0632 4624 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:37:16.0632 4624 KtmRm - ok
14:37:16.0678 4624 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:37:16.0694 4624 LanmanServer - ok
14:37:16.0741 4624 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:37:16.0741 4624 LanmanWorkstation - ok
14:37:16.0990 4624 [ 4CCC8AABE7880C56BA10043B8FBCA3EB ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
14:37:17.0146 4624 LeapFrog Connect Device Service - ok
14:37:17.0193 4624 [ 797289607A5EBF31353AA5EAD141F872 ] LeapFrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
14:37:17.0193 4624 LeapFrog-USBLAN - ok
14:37:17.0256 4624 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:37:17.0256 4624 LightScribeService - ok
14:37:17.0287 4624 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:37:17.0287 4624 lltdio - ok
14:37:17.0334 4624 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:37:17.0349 4624 lltdsvc - ok
14:37:17.0380 4624 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:37:17.0380 4624 lmhosts - ok
14:37:17.0427 4624 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:37:17.0443 4624 LSI_FC - ok
14:37:17.0443 4624 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:37:17.0443 4624 LSI_SAS - ok
14:37:17.0458 4624 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:37:17.0458 4624 LSI_SAS2 - ok
14:37:17.0458 4624 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:37:17.0474 4624 LSI_SCSI - ok
14:37:17.0490 4624 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:37:17.0490 4624 luafv - ok
14:37:17.0583 4624 [ 06407E13684E4B1AD56C62893E718248 ] lxdfCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe
14:37:17.0583 4624 lxdfCATSCustConnectService - ok
14:37:17.0630 4624 lxdf_device - ok
14:37:17.0677 4624 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:37:17.0677 4624 MBAMProtector - ok
14:37:17.0755 4624 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:37:17.0755 4624 MBAMScheduler - ok
14:37:17.0802 4624 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:37:17.0817 4624 MBAMService - ok
14:37:17.0880 4624 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:37:17.0880 4624 Mcx2Svc - ok
14:37:17.0926 4624 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:37:17.0926 4624 megasas - ok
14:37:17.0958 4624 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:37:17.0958 4624 MegaSR - ok
14:37:18.0051 4624 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:37:18.0051 4624 Microsoft Office Groove Audit Service - ok
14:37:18.0082 4624 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:37:18.0098 4624 MMCSS - ok
14:37:18.0114 4624 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:37:18.0114 4624 Modem - ok
14:37:18.0145 4624 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:37:18.0145 4624 monitor - ok
14:37:18.0176 4624 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:37:18.0176 4624 mouclass - ok
14:37:18.0207 4624 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:37:18.0207 4624 mouhid - ok
14:37:18.0238 4624 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:37:18.0238 4624 mountmgr - ok
14:37:18.0285 4624 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:37:18.0285 4624 mpio - ok
14:37:18.0301 4624 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:37:18.0301 4624 mpsdrv - ok
14:37:18.0348 4624 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:37:18.0348 4624 MRxDAV - ok
14:37:18.0394 4624 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:37:18.0394 4624 mrxsmb - ok
14:37:18.0441 4624 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:37:18.0441 4624 mrxsmb10 - ok
14:37:18.0457 4624 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:37:18.0457 4624 mrxsmb20 - ok
14:37:18.0504 4624 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:37:18.0504 4624 msahci - ok
14:37:18.0504 4624 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:37:18.0504 4624 msdsm - ok
14:37:18.0535 4624 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:37:18.0535 4624 MSDTC - ok
14:37:18.0597 4624 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:37:18.0597 4624 Msfs - ok
14:37:18.0628 4624 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:37:18.0628 4624 mshidkmdf - ok
14:37:18.0644 4624 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:37:18.0644 4624 msisadrv - ok
14:37:18.0675 4624 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:37:18.0691 4624 MSiSCSI - ok
14:37:18.0691 4624 msiserver - ok
14:37:18.0722 4624 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:37:18.0722 4624 MSKSSRV - ok
14:37:18.0738 4624 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:37:18.0738 4624 MSPCLOCK - ok
14:37:18.0753 4624 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:37:18.0753 4624 MSPQM - ok
14:37:18.0800 4624 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:37:18.0831 4624 MsRPC - ok
14:37:18.0878 4624 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:37:18.0878 4624 mssmbios - ok
14:37:18.0894 4624 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:37:18.0894 4624 MSTEE - ok
14:37:18.0909 4624 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:37:18.0909 4624 MTConfig - ok
14:37:18.0956 4624 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:37:18.0956 4624 Mup - ok
14:37:19.0003 4624 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:37:19.0018 4624 napagent - ok
14:37:19.0081 4624 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:37:19.0081 4624 NativeWifiP - ok
14:37:19.0159 4624 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:37:19.0190 4624 NDIS - ok
14:37:19.0206 4624 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:37:19.0206 4624 NdisCap - ok
14:37:19.0237 4624 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:37:19.0237 4624 NdisTapi - ok
14:37:19.0268 4624 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:37:19.0268 4624 Ndisuio - ok
14:37:19.0315 4624 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:37:19.0315 4624 NdisWan - ok
14:37:19.0362 4624 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:37:19.0362 4624 NDProxy - ok
14:37:19.0424 4624 [ 2C723E42FC8D7B0209492828F921FB50 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:37:19.0424 4624 Net Driver HPZ12 - ok
14:37:19.0440 4624 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:37:19.0440 4624 NetBIOS - ok
14:37:19.0486 4624 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:37:19.0502 4624 NetBT - ok
14:37:19.0518 4624 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:37:19.0518 4624 Netlogon - ok
14:37:19.0564 4624 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:37:19.0580 4624 Netman - ok
14:37:19.0596 4624 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:37:19.0596 4624 netprofm - ok
14:37:19.0642 4624 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:37:19.0642 4624 NetTcpPortSharing - ok
14:37:19.0892 4624 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
14:37:20.0064 4624 NETw5s64 - ok
14:37:20.0235 4624 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
14:37:20.0376 4624 netw5v64 - ok
14:37:20.0422 4624 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:37:20.0422 4624 nfrd960 - ok
14:37:20.0485 4624 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:37:20.0485 4624 NlaSvc - ok
14:37:20.0516 4624 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:37:20.0516 4624 Npfs - ok
14:37:20.0563 4624 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:37:20.0578 4624 nsi - ok
14:37:20.0594 4624 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:37:20.0594 4624 nsiproxy - ok
14:37:20.0688 4624 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:37:20.0781 4624 Ntfs - ok
14:37:20.0828 4624 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
14:37:20.0828 4624 NuidFltr - ok
14:37:20.0844 4624 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:37:20.0844 4624 Null - ok
14:37:20.0906 4624 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:37:20.0906 4624 nvraid - ok
14:37:20.0922 4624 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:37:20.0922 4624 nvstor - ok
14:37:20.0968 4624 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:37:20.0968 4624 nv_agp - ok
14:37:21.0062 4624 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:37:21.0062 4624 odserv - ok
14:37:21.0109 4624 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:37:21.0109 4624 ohci1394 - ok
14:37:21.0156 4624 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:37:21.0156 4624 ose - ok
14:37:21.0218 4624 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:37:21.0218 4624 p2pimsvc - ok
14:37:21.0296 4624 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:37:21.0312 4624 p2psvc - ok
14:37:21.0358 4624 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:37:21.0358 4624 Parport - ok
14:37:21.0405 4624 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:37:21.0405 4624 partmgr - ok
14:37:21.0421 4624 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:37:21.0436 4624 PcaSvc - ok
14:37:21.0468 4624 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:37:21.0483 4624 pci - ok
14:37:21.0514 4624 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:37:21.0514 4624 pciide - ok
14:37:21.0530 4624 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:37:21.0530 4624 pcmcia - ok
14:37:21.0530 4624 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:37:21.0546 4624 pcw - ok
14:37:21.0577 4624 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:37:21.0592 4624 PEAUTH - ok
14:37:21.0717 4624 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:37:21.0717 4624 PerfHost - ok
14:37:21.0780 4624 [ 2C3BA65F8CA712730050C29104E093F9 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
14:37:21.0780 4624 PGEffect - ok
14:37:21.0904 4624 [ 6BE001FA2F30220EB14658DEF8E8D7C7 ] PingTaisWz C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe
14:37:21.0904 4624 PingTaisWz - ok
14:37:21.0967 4624 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:37:22.0014 4624 pla - ok
14:37:22.0076 4624 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:37:22.0092 4624 PlugPlay - ok
14:37:22.0154 4624 [ 171E6D91A20AAC8D02172A64E82CE90B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:37:22.0170 4624 Pml Driver HPZ12 - ok
14:37:22.0201 4624 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:37:22.0201 4624 PNRPAutoReg - ok
14:37:22.0216 4624 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:37:22.0232 4624 PNRPsvc - ok
14:37:22.0279 4624 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
14:37:22.0279 4624 Point64 - ok
14:37:22.0326 4624 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:37:22.0341 4624 PolicyAgent - ok
14:37:22.0388 4624 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:37:22.0404 4624 Power - ok
14:37:22.0450 4624 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:37:22.0450 4624 PptpMiniport - ok
14:37:22.0482 4624 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:37:22.0482 4624 Processor - ok
14:37:22.0513 4624 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:37:22.0513 4624 ProfSvc - ok
14:37:22.0528 4624 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:37:22.0528 4624 ProtectedStorage - ok
14:37:22.0591 4624 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:37:22.0591 4624 Psched - ok
14:37:22.0622 4624 [ 46851BC18322DA70F3F2299A1007C479 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:37:22.0638 4624 PxHlpa64 - ok
14:37:22.0716 4624 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:37:22.0747 4624 ql2300 - ok
14:37:22.0762 4624 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:37:22.0762 4624 ql40xx - ok
14:37:22.0809 4624 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:37:22.0825 4624 QWAVE - ok
14:37:22.0840 4624 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:37:22.0840 4624 QWAVEdrv - ok
14:37:22.0856 4624 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:37:22.0856 4624 RasAcd - ok
14:37:22.0887 4624 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:37:22.0887 4624 RasAgileVpn - ok
14:37:22.0903 4624 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:37:22.0903 4624 RasAuto - ok
14:37:22.0934 4624 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:37:22.0950 4624 Rasl2tp - ok
14:37:22.0981 4624 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:37:22.0996 4624 RasMan - ok
14:37:23.0012 4624 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:37:23.0012 4624 RasPppoe - ok
14:37:23.0028 4624 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:37:23.0028 4624 RasSstp - ok
14:37:23.0074 4624 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:37:23.0090 4624 rdbss - ok
14:37:23.0106 4624 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:37:23.0106 4624 rdpbus - ok
14:37:23.0121 4624 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:37:23.0121 4624 RDPCDD - ok
14:37:23.0152 4624 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:37:23.0152 4624 RDPENCDD - ok
14:37:23.0152 4624 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:37:23.0152 4624 RDPREFMP - ok
14:37:23.0184 4624 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:37:23.0199 4624 RDPWD - ok
14:37:23.0246 4624 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:37:23.0262 4624 rdyboost - ok
14:37:23.0340 4624 RegSrvc - ok
14:37:23.0386 4624 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:37:23.0402 4624 RemoteAccess - ok
14:37:23.0433 4624 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:37:23.0449 4624 RemoteRegistry - ok
14:37:23.0464 4624 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:37:23.0464 4624 RpcEptMapper - ok
14:37:23.0496 4624 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:37:23.0496 4624 RpcLocator - ok
14:37:23.0558 4624 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:37:23.0558 4624 RpcSs - ok
14:37:23.0636 4624 RSELSVC - ok
14:37:23.0698 4624 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:37:23.0698 4624 rspndr - ok
14:37:23.0761 4624 [ 3E800D0DD24C5CFE61A1D71A3F6FEAB9 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
14:37:23.0761 4624 RTL8169 - ok
14:37:23.0808 4624 [ 6EF529EDE403010E1E7796325E3A4B3D ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
14:37:23.0808 4624 RTSTOR - ok
14:37:23.0823 4624 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:37:23.0823 4624 SamSs - ok
14:37:23.0901 4624 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:37:23.0901 4624 SASDIFSV - ok
14:37:23.0917 4624 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:37:23.0917 4624 SASKUTIL - ok
14:37:23.0964 4624 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:37:23.0964 4624 sbp2port - ok
14:37:24.0057 4624 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:37:24.0073 4624 SBSDWSCService - ok
14:37:24.0104 4624 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:37:24.0120 4624 SCardSvr - ok
14:37:24.0151 4624 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:37:24.0166 4624 scfilter - ok
14:37:24.0229 4624 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:37:24.0260 4624 Schedule - ok
14:37:24.0291 4624 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:37:24.0307 4624 SCPolicySvc - ok
14:37:24.0354 4624 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:37:24.0369 4624 SDRSVC - ok
14:37:24.0416 4624 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:37:24.0416 4624 secdrv - ok
14:37:24.0463 4624 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:37:24.0463 4624 seclogon - ok
14:37:24.0478 4624 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:37:24.0478 4624 SENS - ok
14:37:24.0494 4624 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:37:24.0494 4624 SensrSvc - ok
14:37:24.0525 4624 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:37:24.0525 4624 Serenum - ok
14:37:24.0572 4624 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:37:24.0572 4624 Serial - ok
14:37:24.0603 4624 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:37:24.0603 4624 sermouse - ok
14:37:24.0650 4624 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:37:24.0666 4624 SessionEnv - ok
14:37:24.0712 4624 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:37:24.0712 4624 sffdisk - ok
14:37:24.0712 4624 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:37:24.0728 4624 sffp_mmc - ok
14:37:24.0744 4624 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:37:24.0744 4624 sffp_sd - ok
14:37:24.0759 4624 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:37:24.0759 4624 sfloppy - ok
14:37:24.0806 4624 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:37:24.0822 4624 ShellHWDetection - ok
14:37:24.0853 4624 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:37:24.0853 4624 SiSRaid2 - ok
14:37:24.0853 4624 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:37:24.0853 4624 SiSRaid4 - ok
14:37:24.0915 4624 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:37:24.0915 4624 SkypeUpdate - ok
14:37:24.0931 4624 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:37:24.0931 4624 Smb - ok
14:37:24.0993 4624 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:37:25.0009 4624 SNMPTRAP - ok
14:37:25.0024 4624 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:37:25.0024 4624 spldr - ok
14:37:25.0056 4624 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:37:25.0071 4624 Spooler - ok
14:37:25.0196 4624 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:37:25.0290 4624 sppsvc - ok
14:37:25.0321 4624 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:37:25.0336 4624 sppuinotify - ok
14:37:25.0368 4624 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:37:25.0368 4624 srv - ok
14:37:25.0414 4624 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:37:25.0414 4624 srv2 - ok
14:37:25.0430 4624 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:37:25.0430 4624 srvnet - ok
14:37:25.0492 4624 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:37:25.0492 4624 SSDPSRV - ok
14:37:25.0508 4624 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:37:25.0524 4624 SstpSvc - ok
14:37:25.0555 4624 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:37:25.0555 4624 stexstor - ok
14:37:25.0617 4624 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:37:25.0633 4624 stisvc - ok
14:37:25.0695 4624 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:37:25.0695 4624 swenum - ok
14:37:25.0758 4624 [ 18AA39F3229D033D83C40E2B86F86757 ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
14:37:25.0758 4624 SWGVCSvc - ok
14:37:25.0789 4624 [ 62EAC9FB03C327654608070FA78BA84D ] SWIPsec C:\Windows\system32\Drivers\SWIPsec.sys
14:37:25.0804 4624 SWIPsec - ok
14:37:25.0867 4624 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:37:25.0898 4624 swprv - ok
14:37:25.0929 4624 [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC C:\Windows\system32\DRIVERS\swvnic.sys
14:37:25.0929 4624 SWVNIC - ok
14:37:25.0976 4624 [ 6DE6D25CC1D1CB694A1CC3E4604DB644 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:37:25.0992 4624 SynTP - ok
14:37:26.0085 4624 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:37:26.0148 4624 SysMain - ok
14:37:26.0194 4624 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:37:26.0194 4624 TabletInputService - ok
14:37:26.0241 4624 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:37:26.0257 4624 TapiSrv - ok
14:37:26.0304 4624 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:37:26.0304 4624 TBS - ok
14:37:26.0413 4624 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:37:26.0475 4624 Tcpip - ok
14:37:26.0553 4624 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:37:26.0553 4624 TCPIP6 - ok
14:37:26.0600 4624 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:37:26.0600 4624 tcpipreg - ok
14:37:26.0631 4624 [ D45586A9FACB2C9708B10E491EF748A6 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:37:26.0631 4624 tdcmdpst - ok
14:37:26.0678 4624 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:37:26.0678 4624 TDPIPE - ok
14:37:26.0725 4624 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:37:26.0725 4624 TDTCP - ok
14:37:26.0772 4624 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:37:26.0772 4624 tdx - ok
14:37:26.0818 4624 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:37:26.0818 4624 TermDD - ok
14:37:26.0881 4624 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:37:26.0896 4624 TermService - ok
14:37:26.0928 4624 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
 
Tdsskiller log part 3
14:37:26.0928 4624 Themes - ok
14:37:26.0974 4624 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:37:26.0974 4624 THREADORDER - ok
14:37:27.0068 4624 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:37:27.0068 4624 TMachInfo - ok
14:37:27.0146 4624 [ 22BC804EFE155F54252F389B0781D7F2 ] TNaviSrv C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
14:37:27.0146 4624 TNaviSrv - ok
14:37:27.0193 4624 [ 19AF3434564E973BC232BBD629EC2BF6 ] TODDSrv C:\Windows\system32\TODDSrv.exe
14:37:27.0193 4624 TODDSrv - ok
14:37:27.0271 4624 [ 7810E3A97E004CD2641FD3FC5D2A62CD ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:37:27.0271 4624 TosCoSrv - ok
14:37:27.0349 4624 [ 947B552AF9371BB52AB1E8C184D1A3D0 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:37:27.0364 4624 TOSHIBA eco Utility Service - ok
14:37:27.0396 4624 [ B67C69E2982769355D9FF76DD3B2A0FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:37:27.0396 4624 TOSHIBA HDD SSD Alert Service - ok
14:37:27.0458 4624 [ 66C4503D050DBACAFC5B38FE54EDD86F ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
14:37:27.0458 4624 TPCHSrv - ok
14:37:27.0520 4624 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:37:27.0520 4624 TrkWks - ok
14:37:27.0598 4624 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:37:27.0598 4624 TrustedInstaller - ok
14:37:27.0661 4624 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:37:27.0661 4624 tssecsrv - ok
14:37:27.0739 4624 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:37:27.0739 4624 TsUsbFlt - ok
14:37:27.0801 4624 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:37:27.0801 4624 tunnel - ok
14:37:27.0848 4624 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:37:27.0848 4624 TVALZ - ok
14:37:27.0895 4624 [ BE32A8658A0B56474AD4D0BB8AFA8E55 ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
14:37:27.0895 4624 TVALZFL - ok
14:37:27.0942 4624 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:37:27.0942 4624 uagp35 - ok
14:37:27.0988 4624 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:37:27.0988 4624 udfs - ok
14:37:28.0066 4624 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:37:28.0066 4624 UI0Detect - ok
14:37:28.0082 4624 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:37:28.0098 4624 uliagpkx - ok
14:37:28.0144 4624 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:37:28.0144 4624 umbus - ok
14:37:28.0160 4624 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:37:28.0160 4624 UmPass - ok
14:37:28.0176 4624 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:37:28.0207 4624 upnphost - ok
14:37:28.0238 4624 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:37:28.0238 4624 USBAAPL64 - ok
14:37:28.0285 4624 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:37:28.0285 4624 usbaudio - ok
14:37:28.0300 4624 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:37:28.0300 4624 usbccgp - ok
14:37:28.0363 4624 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:37:28.0363 4624 usbcir - ok
14:37:28.0394 4624 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:37:28.0394 4624 usbehci - ok
14:37:28.0441 4624 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:37:28.0441 4624 usbhub - ok
14:37:28.0456 4624 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:37:28.0456 4624 usbohci - ok
14:37:28.0503 4624 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:37:28.0503 4624 usbprint - ok
14:37:28.0550 4624 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:37:28.0550 4624 usbscan - ok
14:37:28.0566 4624 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:37:28.0581 4624 USBSTOR - ok
14:37:28.0597 4624 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:37:28.0597 4624 usbuhci - ok
14:37:28.0612 4624 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:37:28.0612 4624 usbvideo - ok
14:37:28.0644 4624 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:37:28.0659 4624 UxSms - ok
14:37:28.0675 4624 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:37:28.0675 4624 VaultSvc - ok
14:37:28.0722 4624 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:37:28.0722 4624 vdrvroot - ok
14:37:28.0768 4624 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:37:28.0784 4624 vds - ok
14:37:28.0831 4624 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:37:28.0831 4624 vga - ok
14:37:28.0878 4624 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:37:28.0878 4624 VgaSave - ok
14:37:28.0893 4624 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:37:28.0893 4624 vhdmp - ok
14:37:28.0940 4624 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:37:28.0940 4624 viaide - ok
14:37:28.0956 4624 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:37:28.0971 4624 volmgr - ok
14:37:29.0002 4624 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:37:29.0002 4624 volmgrx - ok
14:37:29.0034 4624 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:37:29.0034 4624 volsnap - ok
14:37:29.0065 4624 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:37:29.0065 4624 vsmraid - ok
14:37:29.0143 4624 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:37:29.0190 4624 VSS - ok
14:37:29.0205 4624 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:37:29.0205 4624 vwifibus - ok
14:37:29.0252 4624 [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:37:29.0252 4624 VWiFiFlt - ok
14:37:29.0268 4624 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:37:29.0268 4624 vwifimp - ok
14:37:29.0314 4624 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:37:29.0330 4624 W32Time - ok
14:37:29.0361 4624 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:37:29.0361 4624 WacomPen - ok
14:37:29.0424 4624 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:37:29.0439 4624 WANARP - ok
14:37:29.0455 4624 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:37:29.0455 4624 Wanarpv6 - ok
14:37:29.0533 4624 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:37:29.0564 4624 WatAdminSvc - ok
14:37:29.0642 4624 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:37:29.0704 4624 wbengine - ok
14:37:29.0736 4624 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:37:29.0751 4624 WbioSrvc - ok
14:37:29.0782 4624 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:37:29.0814 4624 wcncsvc - ok
14:37:29.0829 4624 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:37:29.0829 4624 WcsPlugInService - ok
14:37:29.0876 4624 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:37:29.0876 4624 Wd - ok
14:37:29.0907 4624 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:37:29.0923 4624 Wdf01000 - ok
14:37:29.0938 4624 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:37:29.0954 4624 WdiServiceHost - ok
14:37:29.0954 4624 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:37:29.0970 4624 WdiSystemHost - ok
14:37:30.0001 4624 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:37:30.0016 4624 WebClient - ok
14:37:30.0048 4624 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:37:30.0048 4624 Wecsvc - ok
14:37:30.0063 4624 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:37:30.0079 4624 wercplsupport - ok
14:37:30.0110 4624 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:37:30.0110 4624 WerSvc - ok
14:37:30.0141 4624 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:37:30.0141 4624 WfpLwf - ok
14:37:30.0157 4624 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:37:30.0157 4624 WIMMount - ok
14:37:30.0157 4624 WinHttpAutoProxySvc - ok
14:37:30.0235 4624 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:37:30.0250 4624 Winmgmt - ok
14:37:30.0328 4624 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:37:30.0422 4624 WinRM - ok
14:37:30.0469 4624 [ FE88B288356E7B47B74B13372ADD906D ] winusb C:\Windows\system32\DRIVERS\WinUSB.SYS
14:37:30.0484 4624 winusb - ok
14:37:30.0531 4624 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:37:30.0578 4624 Wlansvc - ok
14:37:30.0703 4624 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:37:30.0734 4624 wlidsvc - ok
14:37:30.0781 4624 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:37:30.0781 4624 WmiAcpi - ok
14:37:30.0828 4624 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:37:30.0828 4624 wmiApSrv - ok
14:37:30.0874 4624 WMPNetworkSvc - ok
14:37:30.0890 4624 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:37:30.0890 4624 WPCSvc - ok
14:37:30.0952 4624 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:37:30.0968 4624 WPDBusEnum - ok
14:37:31.0030 4624 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:37:31.0030 4624 ws2ifsl - ok
14:37:31.0030 4624 WSearch - ok
14:37:31.0077 4624 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:37:31.0093 4624 WudfPf - ok
14:37:31.0124 4624 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:37:31.0140 4624 WUDFRd - ok
14:37:31.0171 4624 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:37:31.0186 4624 wudfsvc - ok
14:37:31.0233 4624 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:37:31.0249 4624 WwanSvc - ok
14:37:31.0342 4624 ================ Scan global ===============================
14:37:31.0389 4624 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:37:31.0420 4624 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:37:31.0452 4624 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:37:31.0483 4624 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:37:31.0530 4624 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:37:31.0530 4624 [Global] - ok
14:37:31.0530 4624 ================ Scan MBR ==================================
14:37:31.0545 4624 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:37:31.0904 4624 \Device\Harddisk0\DR0 - ok
14:37:31.0904 4624 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:37:34.0665 4624 \Device\Harddisk1\DR1 - ok
14:37:34.0681 4624 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR2
14:37:37.0832 4624 \Device\Harddisk2\DR2 - ok
14:37:37.0832 4624 ================ Scan VBR ==================================
14:37:37.0832 4624 [ 5714B0CB020CC834E357F9274598624C ] \Device\Harddisk0\DR0\Partition1
14:37:37.0832 4624 \Device\Harddisk0\DR0\Partition1 - ok
14:37:37.0848 4624 [ 5F2BED74F36EC3DB32BA1963FCFC6122 ] \Device\Harddisk1\DR1\Partition1
14:37:37.0848 4624 \Device\Harddisk1\DR1\Partition1 - ok
14:37:37.0848 4624 [ 220EF8066503965891248645F6094ADB ] \Device\Harddisk2\DR2\Partition1
14:37:37.0848 4624 \Device\Harddisk2\DR2\Partition1 - ok
14:37:37.0848 4624 ============================================================
14:37:37.0848 4624 Scan finished
14:37:37.0848 4624 ============================================================
14:37:37.0863 2420 Detected object count: 0
14:37:37.0863 2420 Actual detected object count: 0
 
RogueKiller report
RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alicia [Admin rights]
Mode : Scan -- Date : 11/01/2012 15:15:39
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] 5705054a908bd9b6497a733c59d62f0b
[BSP] c1d45984820b30ef5dcf8d298ab452d3 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293456 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 604071936 | Size: 10288 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Sony Storage Media USB Device +++++
--- User ---
[MBR] 799107f09c2c82bfad78442a3f54ea1c
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 48 | Size: 7647 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive2: VBTM Store'n'go USB Device +++++
--- User ---
[MBR] 0ae892f44e53a15b1ca8d6a025286c09
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3812 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
I'm still perplexed as to why I can't enable the web protection in MWB or Avira and why I can't start the Avast service at all.
Thank you for your help.

Here is the aswMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-01 15:17:52
-----------------------------
15:17:52.690 OS Version: Windows x64 6.1.7601 Service Pack 1
15:17:52.690 Number of processors: 2 586 0x170A
15:17:52.706 ComputerName: ALICIA-TOSHIBA UserName: Alicia
15:17:53.923 Initialize success
15:21:39.241 AVAST engine defs: 12110100
15:22:08.320 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:22:08.320 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
15:22:08.413 Disk 0 MBR read successfully
15:22:08.413 Disk 0 MBR scan
15:22:08.429 Disk 0 Windows 7 default MBR code
15:22:08.444 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:22:08.444 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293456 MB offset 3074048
15:22:08.476 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10288 MB offset 604071936
15:22:08.538 Disk 0 scanning C:\Windows\system32\drivers
15:22:20.129 Service scanning
15:22:49.582 Modules scanning
15:22:49.582 Disk 0 trace - called modules:
15:22:49.644 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:22:50.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057cd520]
15:22:50.159 3 CLASSPNP.SYS[fffff880013cf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004734050]
15:22:52.171 AVAST engine scan C:\Windows
15:22:55.697 AVAST engine scan C:\Windows\system32
15:26:07.141 AVAST engine scan C:\Windows\system32\drivers
15:26:20.870 AVAST engine scan C:\Users\Alicia
15:29:05.387 AVAST engine scan C:\ProgramData
15:31:09.377 Scan finished successfully
15:32:44.694 Disk 0 MBR has been saved successfully to "C:\Users\Alicia\Desktop\MBR.dat"
15:32:44.694 The log file has been saved successfully to "C:\Users\Alicia\Desktop\aswMBR.txt"
 
We'll get to it.

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

====================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I don't know if this will help, but here is the MWB log file from the other night tha found and quarantined the 0access trojan.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.30.09
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Alicia :: ALICIA-TOSHIBA [administrator]
Protection: Disabled
10/30/2012 8:50:22 PM
mbam-log-2012-10-30 (20-50-22).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426509
Time elapsed: 51 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 10
C:\$Recycle.Bin\S-1-5-18\$20d4a7f492fc78f5ea441fc18ca4d600\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$20d4a7f492fc78f5ea441fc18ca4d600\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$20d4a7f492fc78f5ea441fc18ca4d600\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$20d4a7f492fc78f5ea441fc18ca4d600\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$20d4a7f492fc78f5ea441fc18ca4d600\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$20d4a7f492fc78f5ea441fc18ca4d600\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\MP3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\Shopping.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\ShoppingD.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TOSHIBA\Amazon\VOD.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
(end)
 
I tried to disable Avast, but AvastUI.exe*32 is still showing up in the task manager. Also, avgnt.exe*32 fpr Avira is running. I tried to end the processes but they both say Access is denied. Will this interfere with combofix?
 
ComboFix 12-10-31.03 - Alicia 11/01/2012 16:58:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2665 [GMT -4:00]
Running from: c:\users\Alicia\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\SPL1B00.tmp
c:\programdata\SPL1FC9.tmp
c:\programdata\SPL2B09.tmp
c:\programdata\SPL5410.tmp
c:\programdata\SPL5F9C.tmp
c:\programdata\SPL85B2.tmp
c:\programdata\SPLC024.tmp
c:\users\Administrator\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\Cheryl\AppData\Local\assembly\tmp
c:\users\Cheryl\Documents\~WRL0003.tmp
c:\users\Cheryl\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 21:05 . 2012-11-01 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 21:05 . 2012-11-01 21:05 -------- d-----w- c:\users\Cheryl\AppData\Local\temp
2012-11-01 21:05 . 2012-11-01 21:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-01 21:02 . 2012-11-01 21:02 -------- d-----w- C:\FRST
2012-11-01 14:41 . 2012-11-01 14:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2012-11-01 14:38 . 2012-11-01 14:38 -------- d-----w- c:\users\Administrator\AppData\Local\AskToolbar
2012-10-31 19:34 . 2012-10-31 19:34 -------- d-----w- c:\users\Alicia\AppData\Roaming\f-secure
2012-10-31 19:33 . 2012-10-31 19:33 -------- d-----w- c:\programdata\F-Secure
2012-10-31 19:00 . 2012-10-31 19:41 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-10-31 04:40 . 2012-10-31 04:40 -------- d-----w- c:\users\Alicia\AppData\Local\AskToolbar
2012-10-31 04:40 . 2012-10-31 04:40 -------- d-----w- c:\program files (x86)\Ask.com
2012-10-31 04:33 . 2012-10-31 04:33 -------- d-----w- c:\users\Alicia\AppData\Roaming\Avira
2012-10-31 04:30 . 2012-10-31 04:37 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-31 04:30 . 2012-10-31 04:37 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-31 04:30 . 2011-12-09 16:40 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-31 04:30 . 2012-10-31 04:40 -------- d-----w- c:\programdata\Avira
2012-10-31 04:30 . 2012-10-31 04:30 -------- d-----w- c:\program files (x86)\Avira
2012-10-31 00:09 . 2012-10-31 00:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-31 00:07 . 2012-10-31 00:07 -------- d-----w- c:\users\Alicia\AppData\Roaming\SUPERAntiSpyware.com
2012-10-31 00:07 . 2012-10-31 00:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-30 23:13 . 2012-10-30 23:13 -------- d-----w- c:\users\Alicia\AppData\Roaming\Malwarebytes
2012-10-30 17:17 . 2010-12-07 01:24 27136 ----a-w- c:\windows\system32\rc4mon64.DLL
2012-10-28 23:53 . 2012-10-28 23:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-26 21:51 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B7A6FE2-C352-4BC7-8792-D70D4D8E2A11}\mpengine.dll
2012-10-19 22:33 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-19 22:33 . 2012-10-19 22:33 -------- d-----w- c:\program files\iPod
2012-10-19 22:33 . 2012-10-19 22:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-19 22:33 . 2012-10-19 22:33 -------- d-----w- c:\program files\iTunes
2012-10-19 22:33 . 2012-10-19 22:33 -------- d-----w- c:\program files (x86)\iTunes
2012-10-10 13:28 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 13:28 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 13:28 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 13:28 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 13:28 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 13:28 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 13:28 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 13:28 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 13:28 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 13:28 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 00:28 . 2012-06-09 20:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-10-19 00:28 . 2010-04-24 14:10 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-19 00:27 . 2010-06-03 16:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-19 00:27 . 2010-04-24 14:10 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-12 00:50 . 2010-04-28 12:47 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-10 13:11 . 2012-04-21 14:19 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 13:11 . 2011-05-24 11:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-05 00:52 . 2010-04-24 14:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-10-05 00:51 . 2010-05-19 11:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-10-05 00:51 . 2010-05-19 11:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-05 00:51 . 2012-05-22 23:27 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-29 23:54 . 2012-01-14 18:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 11:15 . 2012-09-25 23:42 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-25 23:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-25 23:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-25 23:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-25 23:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-25 23:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-25 23:42 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-25 23:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-25 23:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-25 23:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-25 23:42 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-25 23:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-25 23:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-25 23:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-25 23:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-25 23:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-25 23:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-25 23:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-25 23:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-25 23:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-25 23:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-25 23:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-11 21:56 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 21:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 21:56 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 21:56 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-28 23:30 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-07-21 13:55 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-07-21 13:55 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 13:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
"{2d914c15-11e5-93b4-ad21-35ba2aec33c8}"= "c:\program files (x86)\Ebates Cash Back Toolbar\Helper.dll" [2012-07-29 360960]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{2d914c15-11e5-93b4-ad21-35ba2aec33c8}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{DF2AC9C7-B823-5A04-250A-49A33EB21322}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{796E3F7C-B3A1-6094-41A6-21866FF2BAD6}]
2012-07-29 17:18 1624576 ----a-w- c:\program files (x86)\Ebates Cash Back Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 17:18 1519824 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{FC5405B9-EE85-8754-9D4F-9CC300948A6F}"= "c:\program files (x86)\Ebates Cash Back Toolbar\Toolbar.dll" [2012-07-29 1624576]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{fc5405b9-ee85-8754-9d4f-9cc300948a6f}]
[HKEY_CLASSES_ROOT\FCTB000100433.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{B7FC277D-293F-2EF4-7566-EFC4F3B8AAAE}]
[HKEY_CLASSES_ROOT\FCTB000100433.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-08 14:57 220608 ----a-w- c:\users\Alicia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-08 14:57 220608 ----a-w- c:\users\Alicia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-08 14:57 220608 ----a-w- c:\users\Alicia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-31 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2009-07-07 307880]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-10-31 348664]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-10-31 465360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-07-05 24576]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2009-10-10 40320]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2010-01-23 24600]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1255736]
R4 PingTaisWz;PingTaisWz;c:\programdata\Toshiba\ToshibaSevenComp\PingTaisWizard.exe [2009-05-22 236928]
R4 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-01-09 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 FixZeroAccess;Zero Access Fixtool driver;c:\windows\system32\drivers\FixZeroAccess.sys [2012-10-31 27256]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-24 53488]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-31 86224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-03-06 134920]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [2007-05-29 1053104]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [2007-05-29 33712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2011-01-14 286504]
S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2011-01-14 100128]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-09 803696]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-03-23 14472]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 8704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 32832]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 13:11]
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532692124-1582512281-858999841-1000Core.job
- c:\users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 01:24]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532692124-1582512281-858999841-1000UA.job
- c:\users\Cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 01:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-08 14:57 244672 ----a-w- c:\users\Alicia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-08 14:57 244672 ----a-w- c:\users\Alicia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-08 14:57 244672 ----a-w- c:\users\Alicia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2009-07-07 455336]
"lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2009-07-07 25256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: adp.com
Trusted Zone: adp.com\portal
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.111 192.168.1.110 4.2.2.2
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-32307482.sys
WebBrowser-{FC5405B9-EE85-8754-9D4F-9CC300948A6F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
.
**************************************************************************
.
Completion time: 2012-11-01 17:17:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-01 21:17
.
Pre-Run: 142,828,867,584 bytes free
Post-Run: 143,083,978,752 bytes free
.
- - End Of File - - 28DBBD7DAAFC1073D5BECDDD0164B1F8
 
That looks good.

Now, you can't be running two AV programs, so you must uninstall either Avast or Avira.

Also uninstall Ask Toolbar, typical foistware.

Then let me know what the current issues are.
 
I don't have any internet access. Is it okay to run the system restore as stated above or should I wait for your instruction?
 
I get an error that says: failed to connect to a windows service: Windows could not connect to the System Event Notification Service service....
Also, Runtime Error! Program: c:\program Files (x86)\Lexmark 6500 Series\lxdfmon.exe. This application has requested the Runtime to terminate it in an unusual way.

When I try to uninstall the Avira SerchFree toolbar, it keeps saying that I need to close all browser windows to proceed, but I have not opened any. I can't get to the internet anyway.
Please advise.
 
I didn't get your reply until after I sent mine. I'm trying to do a restore right now. Hopefully then I will be able to start the Avast service and my computer will speed up a bit.
 
One thing at a time...
Did you use restore point created prior to running Combofix?
 
Yes, that was the only one I had on there.
It failed. Details: System Restore could not access a file. This is probably because an anti-virus program is running on the computer. Temporarily disable your antivirus program and retry System Restore (which I did and it failed again with the same message) An unspecified error occurred during System Restore. (0x80070005)
It says if I continue to see this error, try an advanced recovery method.
Help!
 
Good news :)

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

Uninstall/reinstall Avast.

Let me know how it went.

Next....

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Back