|
#1
April 21st, 2012, 02:08 PM
|
||||
|
||||
|
Hijack Log of my daughter's laptop
Could someone please check this log of my daughter's laptop. It is running very slow and I have tried to clean everything up. don't know if there is something else wrong...
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:05:48 AM, on 4/21/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Jodi\AppData\Local\Temp\Temp1_hijackthis. zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12232 bytes Thanks 
|
|
#2
April 21st, 2012, 11:32 PM
|
||||
|
||||
|
Hello cherber,
Nothing amiss so far, so let's check in more detail. The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool. And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. ------- Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please. ----------- Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. ----------- Download aswMBR ( 511KB ) to your desktop.
A lot, but comprehensive, and will make sure we get a good view of everything.
|
|
#3
April 22nd, 2012, 08:58 PM
|
||||
|
||||
|
otl.txt file:
OTL logfile created on: 4/22/2012 3:17:32 PM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jodi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.57% Memory free 3.49 Gb Paging File | 2.26 Gb Available in Paging File | 64.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.63 Gb Total Space | 250.08 Gb Free Space | 86.95% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: JODI-PC | User Name: Jodi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/22 15:17:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi\Downloads\OTL (1).exe PRC - [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/03/13 19:48:36 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe PRC - [2012/03/13 19:48:32 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe PRC - [2011/02/10 10:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011/02/08 08:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe PRC - [2010/10/20 15:37:28 | 000,115,056 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe PRC - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppgo oglenaclpluginchrome.dll MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf. dll MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avut il-51.dll MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avfo rmat-53.dll MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avco dec-53.dll MOD - [2012/04/12 02:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcsw f32.dll MOD - [2012/03/13 19:48:32 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2011/02/10 10:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe MOD - [2010/11/17 17:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/03/13 19:48:36 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0) SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2011/02/08 08:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010/10/20 15:37:28 | 000,115,056 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/03 22:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2011/04/13 18:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/04/12 16:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011/04/05 03:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2011/03/16 19:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/01 17:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/02/22 11:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2011/02/10 10:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2011/01/07 09:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2010/12/14 22:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/01/18 20:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2008/07/26 18:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008/07/26 18:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2008/07/26 18:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV:64bit: - [2008/07/26 18:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {02976375-DE16-44EE-A6E3-9BCF225AD70E} IE:64bit: - HKLM\..\SearchScopes\{02976375-DE16-44EE-A6E3-9BCF225AD70E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7TSNA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA IE - HKLM\..\SearchScopes,DefaultScope = {1596106C-3549-4F28-9FF3-6A5317228E56} IE - HKLM\..\SearchScopes\{1596106C-3549-4F28-9FF3-6A5317228E56}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7TSNA IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/ IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes,DefaultScope = {42BA5BEB-4D63-4D28-899C-690790BA8DF8} IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes\{1596106C-3549-4F28-9FF3-6A5317228E56}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7TSNA IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes\{42BA5BEB-4D63-4D28-899C-690790BA8DF8}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7TSNA_enUS411US411 IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B0A31661-0B82-4DBD-AB28-38FC24D22491}&mid=b2fcc911074c47d684f5d16f2ab8d92e-38a04b73149aeefd96b877dcf7a7dc28d2efd3fc&lang=us&d s=AVG&pr=fr&d=2011-12-11 09:55:55&v=9.0.0.18&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/03 22:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/13 19:49:01 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEnco ding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}{google:instantFieldTrialGroupParame ter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGo ogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf. dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcsw f32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\ CHR - Extension: AVG Safe Search = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\10.0.0.1409_0\ CHR - Extension: Gmail = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg64.dll (Google Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg.dll (Google Inc.) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{8CCF6579-DF08-4A2C-B47B-B4BE4C232FE3}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/21 10:09:12 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{5E6CA139-CAA3-45FB-8D33-3811E2E4DC30} [2012/04/21 10:08:56 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{BB67FF5B-EEBB-479D-AFCC-AAF30709EB0D} [2012/04/21 09:59:59 | 000,000,000 | ---D | C] -- C:\windows\en [2012/04/21 09:33:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/04/21 09:28:59 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{24F6C90B-6F66-4140-A120-5A2034913538} [2012/04/21 09:28:28 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{37B0C806-4AB1-4FC5-A775-3B710F7872E1} [2012/04/18 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{A6EE9DB2-F5C8-45EC-8F43-869B5BA85E8C} [2012/04/18 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{9DE8961F-BFAB-4D09-9C49-7DEAACBD9E74} [2012/04/18 19:45:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64 [2012/04/18 19:45:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64\02 00060.016 [2012/04/18 19:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup [2012/04/18 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup [2012/04/18 19:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/04/18 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{ED2E4BC3-F2EF-4884-87F2-A5C28A5AA9A6} [2012/04/18 19:38:10 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{CF2F6F44-E9C8-44BE-8E81-2DC17504BC3B} [2012/04/18 19:12:38 | 000,000,000 | ---D | C] -- C:\sc16v180 [2012/04/18 17:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/04/18 16:24:31 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{09997B22-C071-499F-8807-570C588BE6A8} [2012/04/18 16:24:17 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{53DB6FD4-1D7F-4DED-86C9-F69B04D37D93} [2012/04/18 06:03:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2012/04/18 06:03:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2012/04/18 06:03:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2012/04/18 05:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{49A78553-4178-4C53-B89C-0CA421E167D1} [2012/04/18 05:30:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{5F5A7285-0870-4A9C-AA0B-87CB4A877F19} [2012/04/18 05:04:48 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{68446F58-A1E0-4325-9CE8-7C88CBCA3DF7} [2012/04/18 05:04:35 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{A9149F32-AB48-46C3-AB24-376B8BD3985D} [2012/04/18 04:41:38 | 000,000,000 | ---D | C] -- C:\464ab232e39f9d4b8f5607b746b55f [2012/04/18 04:41:10 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll [2012/04/18 04:41:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll [2012/04/18 04:41:10 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys [2012/04/17 22:55:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/04/17 22:55:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/04/17 22:55:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/04/17 22:55:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/04/17 22:55:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/04/17 22:55:17 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/04/17 22:55:17 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/04/17 21:58:39 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{8102735E-A55D-437E-8B85-9D11015380B8} [2012/04/17 21:58:24 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{CABF6223-0E09-4A75-8D4A-173785B19235} [2012/04/17 21:08:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe [2012/04/17 21:08:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe [2012/04/17 21:08:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe [2012/04/17 21:02:43 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Roaming\InstallShield [2012/04/17 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{BC6C57EF-8F93-4BEF-AE2C-595CC1055976} [2012/04/17 21:01:36 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{BB42C074-8A05-4E32-B417-EEAB229C2145} [2012/04/17 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{9C550D9A-DB94-4B6A-AAFB-ACE37D601C00} [2012/04/17 17:43:34 | 000,000,000 | ---D | C] -- C:\c980bd9c0eabbfdd59ba [2012/04/14 19:01:58 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{F0C2EDA2-6C08-4A21-B913-C4FCA2BD699D} [2012/04/03 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{EB0AB13A-7B76-4BDC-B645-A25D604B38FE} [2012/04/02 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{C862856C-6D1E-43B7-9959-19D4846BFF40} [2012/04/02 20:42:51 | 000,000,000 | ---D | C] -- C:\f7f50d10e53733d1cd5aef1eaa409b67 [2012/03/25 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{0263B4BD-9E4B-4D5D-B891-E055DC9A26C7} [2012/03/25 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{4637CD6B-9AD0-4F26-9DB1-0C6081EDD156} [2012/03/25 19:49:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\ElevatedDiagnostics [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/22 15:22:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/22 15:22:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/22 15:19:49 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/22 15:11:16 | 095,913,577 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm [2012/04/22 15:10:23 | 000,345,110 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm [2012/04/22 15:07:57 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/22 15:07:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/04/21 14:40:50 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys [2012/04/21 08:58:21 | 000,113,461 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjw.avm [2012/04/18 20:17:33 | 384,956,636 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/04/17 21:08:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll [2012/04/17 21:08:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe [2012/04/17 21:08:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe [2012/04/17 21:08:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe [2012/04/02 20:47:00 | 000,620,036 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/04/02 20:47:00 | 000,104,578 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/18 20:17:33 | 384,956,636 | ---- | C] () -- C:\windows\MEMORY.DMP [2012/04/18 19:45:02 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NortonPCCheckupx64\02 00060.016\isolate.ini [2011/02/11 17:46:38 | 000,000,368 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc [2011/01/21 11:14:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/06/28 04:49:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2010/06/28 04:47:32 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat < End of report >
|
|
#4
April 22nd, 2012, 09:00 PM
|
||||
|
||||
|
and the extras.txt:
OTL Extras logfile created on: 4/22/2012 3:17:32 PM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jodi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.57% Memory free 3.49 Gb Paging File | 2.26 Gb Available in Paging File | 64.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.63 Gb Total Space | 250.08 Gb Free Space | 86.95% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: JODI-PC | User Name: Jodi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64 "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1 "{46786BEA-EA68-4A45-93C4-4A0D4E5A8C3C}" = AVG 2011 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2011 "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech "{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese "{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek "{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard "{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center "{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian "{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration "{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French "{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New "{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding "{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean "{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All "{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German "{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English "{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ENTERPRISER" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "NortonPCCheckup" = Toshiba Laptop Checkup "TOSHIBA Game Console" = WildTangent ORB Game Console "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WT083877" = Chuzzle Deluxe "WT083885" = Zuma's Revenge "WT083898" = Virtual Villagers - The Secret City "WT083903" = Escape Rosecliff Island "WT083929" = Bejeweled 2 Deluxe "WT083957" = Jewel Quest 3 "WT083958" = Penguins! "WT083959" = Polar Bowler "WT083969" = Virtual Families "WT084018" = FATE - The Traitor Soul ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/6/2012 12:11:30 AM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5725 Error - 3/6/2012 7:26:36 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/6/2012 7:26:36 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16099 Error - 3/6/2012 7:26:36 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16099 Error - 3/13/2012 8:00:01 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/13/2012 8:00:02 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16162 Error - 3/13/2012 8:00:02 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16162 Error - 3/15/2012 8:12:37 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/15/2012 8:12:39 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3650 Error - 3/15/2012 8:12:39 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3650 [ Media Center Events ] Error - 7/6/2011 9:54:29 PM | Computer Name = Jodi-PC | Source = MCUpdate | ID = 0 Description = 9:54:29 PM - Error connecting to the internet. 9:54:29 PM - Unable to contact server.. Error - 7/6/2011 9:54:44 PM | Computer Name = Jodi-PC | Source = MCUpdate | ID = 0 Description = 9:54:35 PM - Error connecting to the internet. 9:54:35 PM - Unable to contact server.. Error - 7/7/2011 3:46:40 PM | Computer Name = Jodi-PC | Source = MCUpdate | ID = 0 Description = 3:46:32 PM - Error connecting to the internet. 3:46:33 PM - Unable to contact server.. [ System Events ] Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:55:02 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 4/17/2012 8:55:02 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. < End of report >
|
|
#5
April 22nd, 2012, 10:10 PM
|
||||
|
||||
|
gmer:
GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-22 17:08:47 Windows 6.1.7601 Service Pack 1 Running: 8ywlugz7.exe ---- Files - GMER 1.0.15 ---- File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\Td07Ay4TMuA[1].js 187300 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\tfbimage[1].jpg 1785 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\tfbimage[2].jpg 1795 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[1].php 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[2].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[2].php 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[3].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[3].php 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[4].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[4].php 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[5].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[5].php 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[6].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[7].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[8].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[9].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\wBBYAgOjf8k[1].png 777 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\widgets[1].css 373477 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=5[2].txt 25 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=6 3[1].txt 337 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=6 5[1].txt 347 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=6 9[1].txt 389 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=7 1[1].txt 166 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=7 5[1].txt 25 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=7 7[1].txt 336 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=7[1].txt 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=8 2[1].txt 354 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\uVR6w3wRHEJ[1].gif 54 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\v=5;m=3;l=2850;c=13 2574;b=786159;ts=20110203220304;p=ui=Y29UFaO6DqEkZ B;tr=HPxVcYVhlmH;tm=0-0;cxt=99062005_2149605[1].htm 1506 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[1].png 1695 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[2].png 11084 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[3].png 5164 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[4].png 9225 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[5].png 9225 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\veapidelay[1].js 52875 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[1] 5827812 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[2] 3831612 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[3] 7802568 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[4] 11740247 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[5] 14108428 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\RRTr4vAva8F[1].png 124 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\watch[1].htm 136529 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\watch[2].htm 141605 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA1K6KD7.h tm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA35SN2K.h tm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA8J9O55.h tm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA8R5FB8.h tm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCABWTOYS.h tm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCAGNAZTJ.h tm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCAY5KWVO.h tm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[10].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[11].htm 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\partner[3].js 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\partner[4].js 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\nQo8LrNCPfQ[1].png 1134 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\NYKpPzcj59cwlx_webi mui[1].css 10927 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\OBaVg52wtTZ[1].png 42565 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\oSIGNUyWLnw[1].js 10225 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\partner[1].js 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\more[2].htm 133 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\more[3].htm 133 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\more[4].htm 134 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\SmcAll.preie9[1].css 3807 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\STeWPW2kh0m[1].png 129 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\STND_MRWHPG_FY12_Bi ng_OIE9_Speed_160x600[1].swf 29503 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\st[5] 4318 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\s[1].htm 4990 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\T2B4EliLrbP[1].js 11242 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\tag[1].js 0 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=8[2].txt 25 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\wlive[1].js 117456 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\WLWorkflow[1].js 204526 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\WsPnHs3HZtp[1].js 5860 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\pixel[1].gif 43 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\plx[1].gif 43 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\pqBnxEwQCId[1].png 1108 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\profile[1].htm 200663 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\profile[2].htm 254076 bytes File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Low\Content.IE5\LJATQQTN\profile[3].htm 293842 bytes ---- EOF - GMER 1.0.15 ----
|
|
#6
April 22nd, 2012, 11:33 PM
|
||||
|
||||
|
Looks like active infection is involved, but I would still like to see the aswMBR scan results please. I know it's a boatload of scanning and log posting, but it let's us get a handle on what all is there.
|
|
#9
April 27th, 2012, 10:34 AM
|
||||
|
||||
|
I have tried to run the aswMBR three times now and each time it runs for a bit and then crashes the computer. I can't read the message fully (it comes up in a blue screen of death window) because it shuts itself down and tries to restart to quickly. Then the restart takes so long, I give up everytime and just shut it down completely.
|
|
#10
April 28th, 2012, 12:02 AM
|
||||
|
||||
|
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.
Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller. In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot (Reboot Now) if requested. When the scan completes it will create a log file on your C drive. Similar in name to this: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt Your copy will be different - some of those numbers will reflect the date/time it was just run by you there. Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.
|
|
#11
April 29th, 2012, 11:21 PM
|
||||
|
||||
|
part one
18:06:50.0290 2800 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:06:50.0684 2800 ================================================== ========== 18:06:50.0684 2800 Current date / time: 2012/04/29 18:06:50.0684 18:06:50.0684 2800 SystemInfo: 18:06:50.0684 2800 18:06:50.0684 2800 OS Version: 6.1.7601 ServicePack: 1.0 18:06:50.0684 2800 Product type: Workstation 18:06:50.0684 2800 ComputerName: JODI-PC 18:06:50.0685 2800 UserName: Jodi 18:06:50.0685 2800 Windows directory: C:\windows 18:06:50.0685 2800 System windows directory: C:\windows 18:06:50.0685 2800 Running under WOW64 18:06:50.0685 2800 Processor architecture: Intel x64 18:06:50.0685 2800 Number of processors: 1 18:06:50.0685 2800 Page size: 0x1000 18:06:50.0685 2800 Boot type: Normal boot 18:06:50.0685 2800 ================================================== ========== 18:06:56.0690 2800 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:06:56.0698 2800 ================================================== ========== 18:06:56.0698 2800 \Device\Harddisk0\DR0: 18:06:56.0698 2800 MBR partitions: 18:06:56.0698 2800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F42000 18:06:56.0698 2800 ================================================== ========== 18:06:56.0744 2800 C: <-> \Device\Harddisk0\DR0\Partition0 18:06:56.0744 2800 ================================================== ========== 18:06:56.0744 2800 Initialize success 18:06:56.0744 2800 ================================================== ========== 18:07:17.0281 4848 ================================================== ========== 18:07:17.0281 4848 Scan started 18:07:17.0281 4848 Mode: Manual; 18:07:17.0282 4848 ================================================== ========== 18:07:22.0676 4848 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 18:07:25.0585 4848 1394ohci - ok 18:07:25.0873 4848 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 18:07:25.0907 4848 ACPI - ok 18:07:25.0972 4848 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 18:07:26.0109 4848 AcpiPmi - ok 18:07:26.0464 4848 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys 18:07:26.0476 4848 adp94xx - ok 18:07:26.0571 4848 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys 18:07:26.0817 4848 adpahci - ok 18:07:27.0014 4848 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys 18:07:27.0017 4848 adpu320 - ok 18:07:27.0136 4848 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 18:07:27.0138 4848 AeLookupSvc - ok 18:07:27.0484 4848 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 18:07:27.0491 4848 AFD - ok 18:07:28.0353 4848 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 18:07:28.0767 4848 agp440 - ok 18:07:29.0159 4848 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 18:07:29.0162 4848 ALG - ok 18:07:29.0342 4848 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 18:07:29.0343 4848 aliide - ok 18:07:30.0231 4848 AMD External Events Utility (57b773d82e8cc3c6d7e02cc8a6632043) C:\windows\system32\atiesrxx.exe 18:07:30.0249 4848 AMD External Events Utility - ok 18:07:30.0389 4848 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 18:07:30.0391 4848 amdide - ok 18:07:30.0741 4848 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys 18:07:30.0743 4848 AmdK8 - ok 18:07:32.0811 4848 amdkmdag (aefaf27f1b7e52c705df4fb6c96732f6) C:\windows\system32\DRIVERS\atipmdag.sys 18:07:33.0054 4848 amdkmdag - ok 18:07:33.0360 4848 amdkmdap (8149db73be27950ec72767a1193153a6) C:\windows\system32\DRIVERS\atikmpag.sys 18:07:33.0363 4848 amdkmdap - ok 18:07:33.0444 4848 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 18:07:33.0445 4848 AmdPPM - ok 18:07:33.0710 4848 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 18:07:33.0715 4848 amdsata - ok 18:07:34.0027 4848 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys 18:07:34.0032 4848 amdsbs - ok 18:07:34.0207 4848 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 18:07:34.0209 4848 amdxata - ok 18:07:34.0286 4848 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 18:07:34.0287 4848 AppID - ok 18:07:34.0325 4848 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 18:07:34.0326 4848 AppIDSvc - ok 18:07:34.0628 4848 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 18:07:34.0630 4848 Appinfo - ok 18:07:35.0033 4848 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:07:35.0041 4848 Apple Mobile Device - ok 18:07:35.0257 4848 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys 18:07:35.0260 4848 arc - ok 18:07:35.0362 4848 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys 18:07:35.0365 4848 arcsas - ok 18:07:35.0608 4848 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 18:07:35.0631 4848 AsyncMac - ok 18:07:35.0722 4848 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 18:07:35.0723 4848 atapi - ok 18:07:36.0199 4848 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys 18:07:36.0284 4848 athr - ok 18:07:36.0767 4848 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys 18:07:36.0768 4848 AtiPcie - ok 18:07:36.0982 4848 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 18:07:36.0990 4848 AudioEndpointBuilder - ok 18:07:37.0002 4848 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 18:07:37.0006 4848 AudioSrv - ok 18:07:38.0822 4848 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe 18:07:38.0825 4848 AVG Security Toolbar Service - ok 18:07:43.0019 4848 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe 18:07:43.0416 4848 AVGIDSAgent - ok 18:07:45.0584 4848 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys 18:07:45.0586 4848 AVGIDSDriver - ok 18:07:46.0476 4848 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\windows\system32\DRIVERS\AVGIDSEH.Sys 18:07:46.0482 4848 AVGIDSEH - ok 18:07:48.0130 4848 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys 18:07:48.0330 4848 AVGIDSFilter - ok 18:07:48.0806 4848 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\windows\system32\DRIVERS\avgldx64.sys 18:07:48.0841 4848 Avgldx64 - ok 18:07:48.0901 4848 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\windows\system32\DRIVERS\avgmfx64.sys 18:07:48.0902 4848 Avgmfx64 - ok 18:07:48.0976 4848 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\windows\system32\DRIVERS\avgrkx64.sys 18:07:48.0977 4848 Avgrkx64 - ok 18:07:49.0996 4848 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\windows\system32\DRIVERS\avgtdia.sys 18:07:50.0088 4848 Avgtdia - ok 18:07:51.0009 4848 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe 18:07:51.0012 4848 avgwd - ok 18:07:51.0348 4848 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 18:07:51.0350 4848 AxInstSV - ok 18:07:51.0423 4848 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys 18:07:51.0429 4848 b06bdrv - ok 18:07:52.0444 4848 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 18:07:52.0455 4848 b57nd60a - ok 18:07:52.0647 4848 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 18:07:52.0649 4848 BDESVC - ok 18:07:52.0835 4848 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 18:07:52.0836 4848 Beep - ok 18:07:53.0423 4848 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 18:07:53.0468 4848 BFE - ok 18:07:54.0302 4848 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll 18:07:54.0357 4848 BITS - ok 18:07:54.0723 4848 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 18:07:54.0724 4848 blbdrive - ok 18:07:55.0446 4848 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe 18:07:55.0450 4848 Bonjour Service - ok 18:07:56.0027 4848 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 18:07:56.0028 4848 bowser - ok 18:07:56.0244 4848 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys 18:07:56.0246 4848 BrFiltLo - ok 18:07:56.0270 4848 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys 18:07:56.0271 4848 BrFiltUp - ok 18:07:56.0925 4848 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 18:07:56.0929 4848 Browser - ok 18:07:57.0045 4848 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 18:07:57.0049 4848 Brserid - ok 18:07:57.0114 4848 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 18:07:57.0116 4848 BrSerWdm - ok 18:07:57.0869 4848 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 18:07:57.0871 4848 BrUsbMdm - ok 18:07:58.0001 4848 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 18:07:58.0002 4848 BrUsbSer - ok 18:07:58.0083 4848 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys 18:07:58.0084 4848 BTHMODEM - ok 18:07:58.0495 4848 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 18:07:58.0498 4848 bthserv - ok 18:07:58.0576 4848 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 18:07:58.0578 4848 cdfs - ok 18:07:58.0712 4848 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys 18:07:58.0716 4848 cdrom - ok 18:07:58.0795 4848 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 18:07:58.0797 4848 CertPropSvc - ok 18:07:59.0120 4848 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys 18:07:59.0122 4848 circlass - ok 18:07:59.0393 4848 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 18:07:59.0401 4848 CLFS - ok 18:08:00.0079 4848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe 18:08:00.0106 4848 clr_optimization_v2.0.50727_32 - ok 18:08:00.0401 4848 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\ms corsvw.exe 18:08:00.0404 4848 clr_optimization_v2.0.50727_64 - ok 18:08:00.0781 4848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe 18:08:00.0783 4848 clr_optimization_v4.0.30319_32 - ok 18:08:00.0851 4848 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\ms corsvw.exe 18:08:00.0854 4848 clr_optimization_v4.0.30319_64 - ok 18:08:01.0050 4848 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 18:08:01.0052 4848 CmBatt - ok 18:08:01.0228 4848 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 18:08:01.0229 4848 cmdide - ok 18:08:01.0437 4848 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 18:08:01.0486 4848 CNG - ok 18:08:01.0787 4848 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\windows\system32\drivers\CHDRT64.sys 18:08:01.0811 4848 CnxtHdAudService - ok 18:08:01.0918 4848 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys 18:08:01.0920 4848 Compbatt - ok 18:08:01.0977 4848 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys 18:08:01.0978 4848 CompositeBus - ok 18:08:02.0040 4848 COMSysApp - ok 18:08:02.0080 4848 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys 18:08:02.0081 4848 crcdisk - ok 18:08:02.0353 4848 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll 18:08:02.0358 4848 CryptSvc - ok 18:08:02.0668 4848 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\windows\system32\DRIVERS\dc3d.sys 18:08:02.0670 4848 dc3d - ok 18:08:02.0919 4848 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 18:08:02.0932 4848 DcomLaunch - ok 18:08:03.0245 4848 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 18:08:03.0253 4848 defragsvc - ok 18:08:03.0624 4848 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 18:08:03.0627 4848 DfsC - ok 18:08:03.0728 4848 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 18:08:03.0732 4848 Dhcp - ok 18:08:03.0802 4848 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 18:08:03.0805 4848 discache - ok 18:08:03.0958 4848 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys 18:08:03.0961 4848 Disk - ok 18:08:04.0024 4848 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 18:08:04.0028 4848 Dnscache - ok 18:08:04.0231 4848 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 18:08:04.0239 4848 dot3svc - ok 18:08:04.0333 4848 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 18:08:04.0336 4848 DPS - ok 18:08:04.0483 4848 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 18:08:04.0484 4848 drmkaud - ok 18:08:04.0663 4848 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 18:08:04.0706 4848 DXGKrnl - ok 18:08:04.0756 4848 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 18:08:04.0758 4848 EapHost - ok 18:08:05.0067 4848 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys 18:08:05.0168 4848 ebdrv - ok 18:08:05.0534 4848 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 18:08:05.0537 4848 EFS - ok 18:08:05.0884 4848 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 18:08:05.0915 4848 ehRecvr - ok 18:08:05.0961 4848 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 18:08:05.0963 4848 ehSched - ok 18:08:06.0243 4848 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys 18:08:06.0294 4848 elxstor - ok 18:08:06.0400 4848 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 18:08:06.0411 4848 ErrDev - ok 18:08:06.0544 4848 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 18:08:06.0554 4848 EventSystem - ok 18:08:06.0612 4848 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 18:08:06.0614 4848 exfat - ok 18:08:06.0703 4848 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 18:08:06.0709 4848 fastfat - ok 18:08:06.0904 4848 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 18:08:06.0939 4848 Fax - ok 18:08:07.0049 4848 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys 18:08:07.0051 4848 fdc - ok 18:08:07.0135 4848 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 18:08:07.0137 4848 fdPHost - ok 18:08:07.0198 4848 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 18:08:07.0200 4848 FDResPub - ok 18:08:07.0346 4848 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 18:08:07.0349 4848 FileInfo - ok 18:08:07.0381 4848 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 18:08:07.0383 4848 Filetrace - ok 18:08:07.0440 4848 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys 18:08:07.0441 4848 flpydisk - ok 18:08:07.0697 4848 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 18:08:07.0703 4848 FltMgr - ok 18:08:07.0891 4848 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 18:08:07.0931 4848 FontCache - ok 18:08:08.0089 4848 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe 18:08:08.0091 4848 FontCache3.0.0.0 - ok 18:08:08.0310 4848 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 18:08:08.0315 4848 FsDepends - ok 18:08:08.0452 4848 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys 18:08:08.0509 4848 Fs_Rec - ok 18:08:08.0632 4848 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 18:08:08.0637 4848 fvevol - ok 18:08:08.0693 4848 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys 18:08:08.0694 4848 FwLnk - ok 18:08:08.0944 4848 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys 18:08:08.0946 4848 gagp30kx - ok 18:08:09.0073 4848 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe 18:08:09.0079 4848 GameConsoleService - ok 18:08:09.0275 4848 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 18:08:09.0277 4848 GEARAspiWDM - ok 18:08:09.0449 4848 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 18:08:09.0482 4848 gpsvc - ok 18:08:09.0790 4848 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:08:09.0794 4848 gupdate - ok 18:08:09.0986 4848 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:08:09.0989 4848 gupdatem - ok 18:08:10.0159 4848 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 18:08:10.0163 4848 gusvc - ok 18:08:10.0244 4848 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 18:08:10.0246 4848 hcw85cir - ok 18:08:10.0485 4848 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 18:08:10.0510 4848 HdAudAddService - ok 18:08:10.0567 4848 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys 18:08:10.0569 4848 HDAudBus - ok 18:08:10.0691 4848 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys 18:08:10.0693 4848 HidBatt - ok 18:08:10.0715 4848 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys 18:08:10.0718 4848 HidBth - ok 18:08:10.0732 4848 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys 18:08:10.0733 4848 HidIr - ok 18:08:10.0807 4848 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll 18:08:10.0809 4848 hidserv - ok 18:08:10.0978 4848 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 18:08:10.0980 4848 HidUsb - ok 18:08:11.0069 4848 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 18:08:11.0072 4848 hkmsvc - ok 18:08:11.0138 4848 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 18:08:11.0147 4848 HomeGroupListener - ok 18:08:11.0316 4848 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 18:08:11.0325 4848 HomeGroupProvider - ok 18:08:11.0421 4848 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 18:08:11.0424 4848 HpSAMD - ok 18:08:12.0070 4848 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 18:08:12.0098 4848 HTTP - ok 18:08:12.0143 4848 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 18:08:12.0144 4848 hwpolicy - ok 18:08:12.0381 4848 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys 18:08:12.0413 4848 i8042prt - ok 18:08:16.0901 4848 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 18:08:16.0933 4848 iaStorV - ok 18:08:17.0875 4848 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:08:18.0261 4848 idsvc - ok 18:08:18.0444 4848 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys 18:08:18.0447 4848 iirsp - ok 18:08:18.0922 4848 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 18:08:18.0951 4848 IKEEXT - ok 18:08:19.0165 4848 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 18:08:19.0167 4848 intelide - ok 18:08:19.0278 4848 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 18:08:19.0281 4848 intelppm - ok 18:08:19.0338 4848 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 18:08:19.0341 4848 IPBusEnum - ok 18:08:19.0400 4848 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 18:08:19.0402 4848 IpFilterDriver - ok 18:08:19.0633 4848 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 18:08:19.0647 4848 iphlpsvc - ok 18:08:19.0717 4848 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 18:08:19.0718 4848 IPMIDRV - ok 18:08:19.0854 4848 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 18:08:19.0858 4848 IPNAT - ok 18:08:20.0268 4848 iPod Service (3d62fe4fefe9c67dafec52b534dfa1fb) C:\Program Files\iPod\bin\iPodService.exe 18:08:20.0299 4848 iPod Service - ok 18:08:20.0459 4848 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 18:08:20.0461 4848 IRENUM - ok 18:08:20.0734 4848 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 18:08:20.0736 4848 isapnp - ok 18:08:20.0881 4848 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 18:08:20.0944 4848 iScsiPrt - ok 18:08:21.0140 4848 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys 18:08:21.0142 4848 kbdclass - ok 18:08:21.0232 4848 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 18:08:21.0233 4848 kbdhid - ok 18:08:21.0328 4848 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 18:08:21.0329 4848 KeyIso - ok 18:08:21.0390 4848 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 18:08:21.0400 4848 KSecDD - ok 18:08:21.0513 4848 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 18:08:21.0517 4848 KSecPkg - ok 18:08:21.0638 4848 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 18:08:21.0640 4848 ksthunk - ok 18:08:21.0774 4848 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 18:08:21.0807 4848 KtmRm - ok 18:08:21.0920 4848 L1C (48686c29856f46443952a831424f8d6f) C:\windows\system32\DRIVERS\L1C62x64.sys 18:08:21.0922 4848 L1C - ok 18:08:22.0010 4848 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 18:08:22.0020 4848 LanmanServer - ok 18:08:22.0086 4848 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 18:08:22.0090 4848 LanmanWorkstation - ok 18:08:22.0280 4848 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 18:08:22.0283 4848 lltdio - ok 18:08:22.0358 4848 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 18:08:22.0363 4848 lltdsvc - ok 18:08:22.0380 4848 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 18:08:22.0382 4848 lmhosts - ok 18:08:22.0480 4848 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys 18:08:22.0484 4848 LSI_FC - ok 18:08:22.0622 4848 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys 18:08:22.0626 4848 LSI_SAS - ok 18:08:22.0650 4848 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys 18:08:22.0755 4848 LSI_SAS2 - ok 18:08:22.0865 4848 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys 18:08:22.0869 4848 LSI_SCSI - ok 18:08:22.0942 4848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 18:08:22.0944 4848 luafv - ok 18:08:23.0181 4848 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\windows\system32\DRIVERS\lv302a64.sys 18:08:23.0183 4848 lvpepf64 - ok 18:08:23.0362 4848 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\windows\system32\DRIVERS\lvrs64.sys 18:08:23.0379 4848 LVRS64 - ok 18:08:23.0611 4848 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\windows\system32\drivers\LVUSBS64.sys 18:08:23.0614 4848 LVUSBS64 - ok 18:08:23.0710 4848 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 18:08:23.0713 4848 Mcx2Svc - ok 18:08:23.0787 4848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 18:08:23.0797 4848 megasas - ok 18:08:23.0869 4848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\Mega
|
|
#12
April 29th, 2012, 11:22 PM
|
||||
|
||||
|
part two
18:08:22.0942 4848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 18:08:22.0944 4848 luafv - ok 18:08:23.0181 4848 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\windows\system32\DRIVERS\lv302a64.sys 18:08:23.0183 4848 lvpepf64 - ok 18:08:23.0362 4848 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\windows\system32\DRIVERS\lvrs64.sys 18:08:23.0379 4848 LVRS64 - ok 18:08:23.0611 4848 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\windows\system32\drivers\LVUSBS64.sys 18:08:23.0614 4848 LVUSBS64 - ok 18:08:23.0710 4848 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 18:08:23.0713 4848 Mcx2Svc - ok 18:08:23.0787 4848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 18:08:23.0797 4848 megasas - ok 18:08:23.0869 4848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys 18:08:23.0877 4848 MegaSR - ok 18:08:24.0167 4848 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 18:08:24.0169 4848 Microsoft Office Groove Audit Service - ok 18:08:24.0408 4848 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 18:08:24.0452 4848 MMCSS - ok 18:08:24.0732 4848 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 18:08:24.0734 4848 Modem - ok 18:08:25.0049 4848 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 18:08:25.0051 4848 monitor - ok 18:08:25.0179 4848 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 18:08:25.0182 4848 mouclass - ok 18:08:25.0499 4848 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 18:08:25.0501 4848 mouhid - ok 18:08:25.0576 4848 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 18:08:25.0578 4848 mountmgr - ok 18:08:25.0658 4848 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 18:08:25.0661 4848 mpio - ok 18:08:25.0747 4848 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 18:08:25.0749 4848 mpsdrv - ok 18:08:26.0002 4848 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 18:08:26.0056 4848 MpsSvc - ok 18:08:26.0153 4848 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 18:08:26.0157 4848 MRxDAV - ok 18:08:26.0239 4848 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 18:08:26.0241 4848 mrxsmb - ok 18:08:26.0345 4848 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 18:08:26.0353 4848 mrxsmb10 - ok 18:08:26.0444 4848 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 18:08:26.0450 4848 mrxsmb20 - ok 18:08:26.0562 4848 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 18:08:26.0563 4848 msahci - ok 18:08:26.0630 4848 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 18:08:26.0632 4848 msdsm - ok 18:08:26.0803 4848 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 18:08:26.0809 4848 MSDTC - ok 18:08:26.0880 4848 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 18:08:26.0881 4848 Msfs - ok 18:08:26.0953 4848 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 18:08:26.0954 4848 mshidkmdf - ok 18:08:27.0009 4848 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 18:08:27.0010 4848 msisadrv - ok 18:08:27.0172 4848 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 18:08:27.0178 4848 MSiSCSI - ok 18:08:27.0196 4848 msiserver - ok 18:08:27.0247 4848 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 18:08:27.0248 4848 MSKSSRV - ok 18:08:27.0275 4848 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 18:08:27.0276 4848 MSPCLOCK - ok 18:08:27.0286 4848 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 18:08:27.0288 4848 MSPQM - ok 18:08:27.0418 4848 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 18:08:27.0427 4848 MsRPC - ok 18:08:27.0502 4848 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys 18:08:27.0502 4848 mssmbios - ok 18:08:27.0666 4848 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 18:08:27.0668 4848 MSTEE - ok 18:08:27.0724 4848 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys 18:08:27.0726 4848 MTConfig - ok 18:08:27.0762 4848 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 18:08:27.0764 4848 Mup - ok 18:08:27.0871 4848 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 18:08:27.0885 4848 napagent - ok 18:08:28.0211 4848 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 18:08:28.0218 4848 NativeWifiP - ok 18:08:28.0570 4848 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 18:08:28.0637 4848 NDIS - ok 18:08:29.0115 4848 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 18:08:29.0117 4848 NdisCap - ok 18:08:29.0310 4848 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 18:08:29.0312 4848 NdisTapi - ok 18:08:29.0580 4848 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 18:08:29.0582 4848 Ndisuio - ok 18:08:29.0910 4848 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 18:08:29.0913 4848 NdisWan - ok 18:08:30.0013 4848 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 18:08:30.0015 4848 NDProxy - ok 18:08:30.0116 4848 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 18:08:30.0119 4848 NetBIOS - ok 18:08:30.0326 4848 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 18:08:30.0333 4848 NetBT - ok 18:08:30.0385 4848 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 18:08:30.0387 4848 Netlogon - ok 18:08:30.0474 4848 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 18:08:30.0481 4848 Netman - ok 18:08:30.0524 4848 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 18:08:30.0530 4848 netprofm - ok 18:08:30.0922 4848 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:08:30.0924 4848 NetTcpPortSharing - ok 18:08:31.0007 4848 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys 18:08:31.0009 4848 nfrd960 - ok 18:08:31.0269 4848 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 18:08:31.0325 4848 NlaSvc - ok 18:08:31.0401 4848 Norton PC Checkup Application Launcher - ok 18:08:31.0567 4848 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 18:08:31.0568 4848 Npfs - ok 18:08:31.0620 4848 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 18:08:31.0622 4848 nsi - ok 18:08:31.0639 4848 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 18:08:31.0639 4848 nsiproxy - ok 18:08:31.0744 4848 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 18:08:31.0803 4848 Ntfs - ok 18:08:32.0146 4848 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 18:08:32.0148 4848 Null - ok 18:08:32.0219 4848 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 18:08:32.0222 4848 nvraid - ok 18:08:32.0474 4848 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 18:08:32.0483 4848 nvstor - ok 18:08:32.0561 4848 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 18:08:32.0564 4848 nv_agp - ok 18:08:33.0499 4848 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:08:33.0525 4848 odserv - ok 18:08:33.0832 4848 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 18:08:33.0834 4848 ohci1394 - ok 18:08:33.0917 4848 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:08:33.0920 4848 ose - ok 18:08:33.0984 4848 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 18:08:33.0989 4848 p2pimsvc - ok 18:08:34.0332 4848 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 18:08:34.0338 4848 p2psvc - ok 18:08:34.0553 4848 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys 18:08:34.0606 4848 Parport - ok 18:08:34.0700 4848 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 18:08:34.0701 4848 partmgr - ok 18:08:34.0779 4848 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 18:08:34.0782 4848 PcaSvc - ok 18:08:35.0982 4848 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe 18:08:35.0986 4848 PCCUJobMgr - ok 18:08:36.0240 4848 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 18:08:36.0245 4848 pci - ok 18:08:36.0528 4848 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 18:08:36.0530 4848 pciide - ok 18:08:36.0636 4848 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys 18:08:36.0640 4848 pcmcia - ok 18:08:36.0675 4848 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 18:08:36.0677 4848 pcw - ok 18:08:37.0038 4848 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 18:08:37.0066 4848 PEAUTH - ok 18:08:37.0791 4848 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 18:08:37.0792 4848 PerfHost - ok 18:08:38.0221 4848 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\windows\system32\DRIVERS\LV302V64.SYS 18:08:38.0291 4848 PID_PEPI - ok 18:08:39.0469 4848 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 18:08:39.0507 4848 pla - ok 18:08:40.0051 4848 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 18:08:40.0091 4848 PlugPlay - ok 18:08:41.0409 4848 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 18:08:41.0411 4848 PNRPAutoReg - ok 18:08:41.0550 4848 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 18:08:41.0555 4848 PNRPsvc - ok 18:08:41.0695 4848 Point64 (33328fa8a580885ab0065be6db266e9f) C:\windows\system32\DRIVERS\point64.sys 18:08:41.0697 4848 Point64 - ok 18:08:41.0806 4848 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 18:08:41.0861 4848 PolicyAgent - ok 18:08:42.0117 4848 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 18:08:42.0120 4848 Power - ok 18:08:42.0194 4848 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 18:08:42.0196 4848 PptpMiniport - ok 18:08:42.0265 4848 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys 18:08:42.0266 4848 Processor - ok 18:08:42.0331 4848 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll 18:08:42.0351 4848 ProfSvc - ok 18:08:43.0179 4848 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 18:08:43.0183 4848 ProtectedStorage - ok 18:08:43.0381 4848 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 18:08:43.0384 4848 Psched - ok 18:08:43.0916 4848 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys 18:08:43.0965 4848 ql2300 - ok 18:08:45.0091 4848 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys 18:08:45.0094 4848 ql40xx - ok 18:08:45.0161 4848 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 18:08:45.0165 4848 QWAVE - ok 18:08:45.0198 4848 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 18:08:45.0200 4848 QWAVEdrv - ok 18:08:45.0253 4848 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 18:08:45.0254 4848 RasAcd - ok 18:08:45.0640 4848 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 18:08:45.0641 4848 RasAgileVpn - ok 18:08:45.0811 4848 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 18:08:45.0814 4848 RasAuto - ok 18:08:45.0865 4848 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 18:08:45.0867 4848 Rasl2tp - ok 18:08:46.0370 4848 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 18:08:46.0375 4848 RasMan - ok 18:08:46.0464 4848 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 18:08:46.0465 4848 RasPppoe - ok 18:08:46.0499 4848 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 18:08:46.0501 4848 RasSstp - ok 18:08:46.0939 4848 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 18:08:46.0943 4848 rdbss - ok 18:08:47.0135 4848 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys 18:08:47.0136 4848 rdpbus - ok 18:08:47.0166 4848 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 18:08:47.0166 4848 RDPCDD - ok 18:08:47.0250 4848 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 18:08:47.0251 4848 RDPENCDD - ok 18:08:47.0288 4848 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 18:08:47.0288 4848 RDPREFMP - ok 18:08:47.0587 4848 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys 18:08:47.0590 4848 RDPWD - ok 18:08:47.0695 4848 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 18:08:47.0699 4848 rdyboost - ok 18:08:47.0923 4848 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 18:08:47.0925 4848 RemoteAccess - ok 18:08:48.0254 4848 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 18:08:48.0258 4848 RemoteRegistry - ok 18:08:48.0357 4848 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 18:08:48.0359 4848 RpcEptMapper - ok 18:08:48.0408 4848 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 18:08:48.0425 4848 RpcLocator - ok 18:08:48.0772 4848 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 18:08:48.0778 4848 RpcSs - ok 18:08:49.0021 4848 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 18:08:49.0023 4848 rspndr - ok 18:08:49.0144 4848 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys 18:08:49.0147 4848 RSUSBSTOR - ok 18:08:49.0198 4848 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 18:08:49.0200 4848 SamSs - ok 18:08:49.0253 4848 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 18:08:49.0255 4848 sbp2port - ok 18:08:49.0496 4848 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 18:08:49.0500 4848 SCardSvr - ok 18:08:49.0563 4848 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 18:08:49.0564 4848 scfilter - ok 18:08:49.0645 4848 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 18:08:49.0659 4848 Schedule - ok 18:08:49.0696 4848 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 18:08:49.0697 4848 SCPolicySvc - ok 18:08:49.0724 4848 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 18:08:49.0728 4848 SDRSVC - ok 18:08:49.0823 4848 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 18:08:49.0824 4848 secdrv - ok 18:08:49.0856 4848 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 18:08:49.0863 4848 seclogon - ok 18:08:49.0942 4848 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 18:08:49.0945 4848 SENS - ok 18:08:49.0972 4848 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 18:08:49.0974 4848 SensrSvc - ok 18:08:50.0006 4848 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys 18:08:50.0007 4848 Serenum - ok 18:08:50.0052 4848 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys 18:08:50.0054 4848 Serial - ok 18:08:50.0096 4848 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys 18:08:50.0097 4848 sermouse - ok 18:08:50.0156 4848 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 18:08:50.0159 4848 SessionEnv - ok 18:08:50.0239 4848 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 18:08:50.0240 4848 sffdisk - ok 18:08:50.0256 4848 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 18:08:50.0257 4848 sffp_mmc - ok 18:08:50.0314 4848 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 18:08:50.0315 4848 sffp_sd - ok 18:08:50.0350 4848 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 18:08:50.0351 4848 sfloppy - ok 18:08:50.0398 4848 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 18:08:50.0403 4848 SharedAccess - ok 18:08:50.0462 4848 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 18:08:50.0468 4848 ShellHWDetection - ok 18:08:50.0502 4848 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys 18:08:50.0503 4848 SiSRaid2 - ok 18:08:50.0517 4848 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys 18:08:50.0519 4848 SiSRaid4 - ok 18:08:50.0816 4848 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 18:08:50.0818 4848 Smb - ok 18:08:50.0915 4848 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 18:08:50.0917 4848 SNMPTRAP - ok 18:08:51.0240 4848 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 18:08:51.0241 4848 spldr - ok 18:08:51.0440 4848 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 18:08:51.0448 4848 Spooler - ok 18:08:51.0608 4848 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 18:08:51.0670 4848 sppsvc - ok 18:08:52.0428 4848 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 18:08:52.0430 4848 sppuinotify - ok 18:08:52.0519 4848 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 18:08:52.0526 4848 srv - ok 18:08:52.0841 4848 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 18:08:52.0851 4848 srv2 - ok 18:08:53.0360 4848 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 18:08:53.0379 4848 srvnet - ok 18:08:53.0803 4848 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 18:08:53.0834 4848 SSDPSRV - ok 18:08:54.0147 4848 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 18:08:54.0152 4848 SstpSvc - ok 18:08:54.0585 4848 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys 18:08:54.0587 4848 stexstor - ok 18:08:54.0936 4848 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys 18:08:54.0937 4848 StillCam - ok 18:08:55.0998 4848 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 18:08:56.0174 4848 stisvc - ok 18:08:56.0467 4848 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys 18:08:56.0552 4848 swenum - ok 18:08:57.0783 4848 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 18:08:57.0807 4848 swprv - ok 18:08:58.0469 4848 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys 18:08:58.0477 4848 SynTP - ok 18:09:00.0033 4848 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 18:09:00.0092 4848 SysMain - ok 18:09:00.0584 4848 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 18:09:00.0590 4848 TabletInputService - ok 18:09:01.0245 4848 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 18:09:01.0255 4848 TapiSrv - ok 18:09:01.0403 4848 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 18:09:01.0409 4848 TBS - ok 18:09:03.0222 4848 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys 18:09:03.0449 4848 Tcpip - ok 18:09:06.0287 4848 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys 18:09:06.0309 4848 TCPIP6 - ok 18:09:07.0354 4848 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 18:09:07.0356 4848 tcpipreg - ok 18:09:07.0714 4848 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 18:09:07.0717 4848 tdcmdpst - ok 18:09:07.0776 4848 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 18:09:07.0778 4848 TDPIPE - ok 18:09:07.0906 4848 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 18:09:07.0908 4848 TDTCP - ok 18:09:08.0165 4848 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 18:09:08.0187 4848 tdx - ok 18:09:08.0289 4848 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys 18:09:08.0292 4848 TermDD - ok 18:09:09.0915 4848 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 18:09:09.0992 4848 TermService - ok 18:09:10.0170 4848 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 18:09:10.0192 4848 Themes - ok 18:09:10.0343 4848 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 18:09:10.0345 4848 THREADORDER - ok 18:09:10.0627 4848 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe 18:09:10.0630 4848 TODDSrv - ok 18:09:11.0112 4848 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 18:09:11.0118 4848 TrkWks - ok 18:09:11.0825 4848 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 18:09:11.0830 4848 TrustedInstaller - ok 18:09:12.0081 4848 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 18:09:12.0083 4848 tssecsrv - ok 18:09:12.0171 4848 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 18:09:12.0174 4848 TsUsbFlt - ok 18:09:12.0482 4848 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 18:09:12.0709 4848 tunnel - ok 18:09:13.0422 4848 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 18:09:13.0457 4848 TVALZ - ok 18:09:13.0523 4848 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 18:09:13.0525 4848 uagp35 - ok 18:09:13.0669 4848 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 18:09:13.0737 4848 udfs - ok 18:09:13.0961 4848 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 18:09:13.0966 4848 UI0Detect - ok 18:09:14.0019 4848 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 18:09:14.0021 4848 uliagpkx - ok 18:09:14.0272 4848 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys 18:09:14.0277 4848 umbus - ok 18:09:14.0337 4848 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 18:09:14.0338 4848 UmPass - ok 18:09:15.0507 4848 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 18:09:15.0554 4848 upnphost - ok 18:09:15.0978 4848 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\windows\system32\Drivers\usbaapl64.sys 18:09:15.0981 4848 USBAAPL64 - ok 18:09:16.0056 4848 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys 18:09:16.0059 4848 usbaudio - ok 18:09:16.0113 4848 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 18:09:16.0115 4848 usbccgp - ok 18:09:16.0399 4848 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 18:09:16.0401 4848 usbcir - ok 18:09:16.0508 4848 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 18:09:16.0509 4848 usbehci - ok 18:09:17.0749 4848 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 18:09:17.0761 4848 usbhub - ok 18:09:18.0237 4848 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys 18:09:18.0239 4848 usbohci - ok 18:09:18.0420 4848 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 18:09:18.0423 4848 usbprint - ok 18:09:18.0776 4848 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS 18:09:18.0784 4848 USBSTOR - ok 18:09:18.0862 4848 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 18:09:18.0864 4848 usbuhci - ok 18:09:19.0705 4848 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys 18:09:19.0711 4848 usbvideo - ok 18:09:19.0796 4848 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 18:09:19.0798 4848 UxSms - ok 18:09:20.0199 4848 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 18:09:20.0201 4848 VaultSvc - ok 18:09:20.0321 4848 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 18:09:20.0324 4848 vdrvroot - ok 18:09:21.0121 4848 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 18:09:21.0326 4848 vds - ok 18:09:21.0625 4848 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 18:09:21.0628 4848 vga - ok 18:09:21.0685 4848 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 18:09:21.0687 4848 VgaSave - ok 18:09:22.0004 4848 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 18:09:22.0023 4848 vhdmp - ok 18:09:22.0092 4848 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 18:09:22.0093 4848 viaide - ok 18:09:22.0150 4848 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 18:09:22.0152 4848 volmgr - ok 18:09:23.0032 4848 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 18:09:23.0041 4848 volmgrx - ok 18:09:23.0142 4848 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 18:09:23.0218 4848 volsnap - ok 18:09:23.0446 4848 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys 18:09:23.0449 4848 vsmraid - ok 18:09:23.0966 4848 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 18:09:24.0025 4848 VSS - ok 18:09:25.0273 4848 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe 18:09:25.0282 4848 vToolbarUpdater11.0.2 - ok 18:11:13.0612 4848 vwifibus - ok 18:11:22.0357 4848 vwififlt - ok 18:11:22.0367 4848 W32Time - ok 18:11:22.0381 4848 WacomPen - ok 18:11:39.0744 4848 WANARP - ok 18:11:48.0102 4848 Wanarpv6 - ok 18:12:27.0179 4848 WatAdminSvc - ok 18:12:27.0199 4848 wbengine - ok 18:12:27.0216 4848 WbioSrvc - ok 18:12:27.0226 4848 wcncsvc - ok 18:12:27.0236 4848 WcsPlugInService - ok 18:12:27.0246 4848 Wd - ok 18:12:27.0257 4848 Wdf01000 - ok 18:12:27.0267 4848 WdiServiceHost - ok 18:12:27.0277 4848 WdiSystemHost - ok 18:12:27.0286 4848 WebClient - ok 18:12:27.0297 4848 Wecsvc - ok 18:12:36.0042 4848 wercplsupport - ok 18:12:40.0460 4848 WerSvc - ok 18:12:49.0014 4848 WfpLwf - ok 18:12:49.0031 4848 WIMMount - ok 18:12:53.0249 4848 WinDefend - ok 18:12:57.0635 4848 WinHttpAutoProxySvc - ok 18:12:57.0652 4848 Winmgmt - ok 18:12:57.0667 4848 WinRM - ok 18:13:06.0033 4848 WinUsb - ok 18:13:06.0046 4848 Wlansvc - ok 18:13:06.0708 4848 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:13:06.0741 4848 wlcrasvc - ok 18:13:09.0240 4848 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:13:09.0357 4848 wlidsvc - ok 18:13:10.0549 4848 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 18:13:10.0552 4848 WmiAcpi - ok 18:13:10.0795 4848 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 18:13:10.0799 4848 wmiApSrv - ok 18:13:10.0889 4848 WMPNetworkSvc - ok 18:13:11.0139 4848 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 18:13:11.0147 4848 WPCSvc - ok 18:13:11.0213 4848 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 18:13:11.0217 4848 WPDBusEnum - ok 18:13:11.0263 4848 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 18:13:11.0264 4848 ws2ifsl - ok 18:13:11.0288 4848 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll 18:13:11.0290 4848 wscsvc - ok 18:13:11.0300 4848 WSearch - ok 18:13:11.0728 4848 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll 18:13:11.0780 4848 wuauserv - ok 18:13:12.0124 4848 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 18:13:12.0126 4848 WudfPf - ok 18:13:12.0184 4848 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 18:13:12.0187 4848 WUDFRd - ok 18:13:12.0452 4848 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 18:13:12.0457 4848 wudfsvc - ok 18:13:12.0508 4848 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 18:13:12.0512 4848 WwanSvc - ok 18:13:12.0581 4848 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 18:13:12.0645 4848 \Device\Harddisk0\DR0 - ok 18:13:12.0677 4848 Boot (0x1200) (0351a9e72a75d787111011edd080c168) \Device\Harddisk0\DR0\Partition0 18:13:12.0922 4848 \Device\Harddisk0\DR0\Partition0 - ok 18:13:12.0929 4848 ================================================== ========== 18:13:12.0929 4848 Scan finished 18:13:12.0929 4848 ================================================== ========== 18:13:12.0949 4632 Detected object count: 0 18:13:12.0949 4632 Actual detected object count: 0 18:18:22.0691 4924 Deinitialize success
|
|
#13
April 30th, 2012, 12:33 AM
|
||||
|
||||
|
Not something that locates. Let's run a repair scan that will also provide us with a fixit tool after, if needed.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
|
|
#14
May 4th, 2012, 06:40 PM
|
||||
|
||||
|
whew finally...
ComboFix 12-05-04.01 - Jodi 05/04/2012 10:06:24.2.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.1005 [GMT -4:00] Running from: c:\users\Jodi\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 ))))))))))))))))))))))))))))))) . . 2012-05-03 21:47 . 2012-05-03 21:47 -------- d-----w- C:\2c4e8db24704d39d1b86190dac 2012-04-26 00:41 . 2012-04-26 00:41 -------- d-----w- C:\668266781936e39c4dd3c84be960ab 2012-04-21 13:59 . 2012-04-21 13:59 -------- d-----w- c:\windows\en 2012-04-21 13:34 . 2012-04-21 13:34 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\pp crlconfig600.dll 2012-04-21 13:30 . 2012-04-21 13:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ebb217f31cd1fc202\MeshBetaRemover.exe 2012-04-21 13:30 . 2012-04-21 13:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e98777531cd1fc201\DSETUP.dll 2012-04-21 13:30 . 2012-04-21 13:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e98777531cd1fc201\DXSETUP.exe 2012-04-21 13:30 . 2012-04-21 13:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e98777531cd1fc201\dsetup32.dll 2012-04-18 23:45 . 2012-04-18 23:45 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64 2012-04-18 23:45 . 2012-04-18 23:45 -------- d-----w- c:\program files (x86)\Norton PC Checkup 2012-04-18 23:44 . 2012-04-18 23:44 -------- d-----w- c:\program files (x86)\NortonInstaller 2012-04-18 23:12 . 2012-04-18 23:12 -------- d-----w- C:\sc16v180 2012-04-18 21:16 . 2012-04-18 21:16 -------- d-----w- c:\program files\CCleaner 2012-04-18 10:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-18 10:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-18 10:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-18 08:41 . 2012-04-18 08:41 -------- d-----w- C:\464ab232e39f9d4b8f5607b746b55f 2012-04-18 08:41 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-18 08:41 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-18 08:41 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-18 08:41 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-18 08:41 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-18 08:41 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-18 08:41 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-18 01:02 . 2012-04-18 01:02 -------- d-----w- c:\users\Jodi\AppData\Roaming\InstallShield 2012-04-17 21:43 . 2012-04-17 21:43 -------- d-----w- C:\c980bd9c0eabbfdd59ba . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2012-04-18 01:08 . 2011-09-26 21:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll 2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR 2012-02-17 06:38 . 2012-03-14 00:16 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 00:16 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 00:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 00:16 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 06:36 . 2012-03-14 00:18 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-14 00:18 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2010-04-04 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtN ElKTUg&inst=NzctNjM0Nzg1OTIwLVhPMTArMTItUUlYMSs0LV gyMDEwKzItRjEwTTEwRCsxLUxJQysyMi1GTDEwKzEtU1AxKzEt U1AxVEIrMS1TUDFTMisxLVNVRCsxLVRVRyszLVMxSSsxLVNVMy sxLUREVCs0Mjk0OTQ0MjYyLUREMTBGKzEtU1QxMEZBUFArMS1G MTBNMTJBTisxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLU YxME0xMkFUQisxLUYxME0xMkIrMS1GMTBUQisyLVNUMTBUQkYr MQ&prod=90&ver=10.0.1424" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 135664] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 135664] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2012-04-26 135608] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atip mdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atik mpag.sys [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sy s [x] . . Contents of the 'Scheduled Tasks' folder . 2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 05:44] . 2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 05:44] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.facebook.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-(Default) - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\P CCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUt il10d.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10 d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe . ************************************************** ************************ . Completion time: 2012-05-04 10:55:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-04 14:55 . Pre-Run: 267,523,530,752 bytes free Post-Run: 267,526,569,984 bytes free . - - End Of File - - C8EC8EF05B7FF26C058AEF9EA9778B03
|
|
#15
May 4th, 2012, 11:16 PM
|
||||
|
||||
|
By the looks of the last logs, AVG has been uninstalled. Please be sure to review changes with me here before making them - helps make the fix processes run smoother.
Nothing so far is showing the malware "hooks" with your browser that Gmer showed, so something still busy there. Code:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"="" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyOverride"=- "ProxyServer"=- Save this to your desktop as "fixer.reg" Be sure to include the "" quotes in the name. Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry. ----------- Open Gmer again. Once it has completed it's opening scan, this time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 05:03 PM.
