  #1  
April 21st, 2012, 02:08 PM
cherber cherber is offline
Begger of computer help
 
Join Date: Aug 2003
O/S: Windows 7 64-bit
Location: Pittsburgh, PA
Age: 50
Posts: 181
Hijack Log of my daughter's laptop

Could someone please check this log of my daughter's laptop? It is running very slow and I have tried to clean everything up. Don't know if there is something else wrong...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:48 AM, on 4/21/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jodi\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12232 bytes

Thanks


  #2  
April 21st, 2012, 11:32 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,430
Hello cherber,

Nothing amiss so far, so let's check in more detail.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
  #3  
April 22nd, 2012, 08:58 PM
cherber cherber is offline
Begger of computer help
 
Join Date: Aug 2003
O/S: Windows 7 64-bit
Location: Pittsburgh, PA
Age: 50
Posts: 181
otl.txt file:

OTL logfile created on: 4/22/2012 3:17:32 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jodi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.57% Memory free
3.49 Gb Paging File | 2.26 Gb Available in Paging File | 64.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.63 Gb Total Space | 250.08 Gb Free Space | 86.95% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JODI-PC | User Name: Jodi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/22 15:17:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi\Downloads\OTL (1).exe
PRC - [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/03/13 19:48:36 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/13 19:48:32 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/02/10 10:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 08:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/20 15:37:28 | 000,115,056 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
PRC - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 02:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2012/03/13 19:48:32 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/02/10 10:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/17 17:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/13 19:48:36 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 08:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/20 15:37:28 | 000,115,056 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 22:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/13 18:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 16:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/05 03:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 19:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 17:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 11:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 10:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 09:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/14 22:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 20:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/07/26 18:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 18:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 18:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 18:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {02976375-DE16-44EE-A6E3-9BCF225AD70E}
IE:64bit: - HKLM\..\SearchScopes\{02976375-DE16-44EE-A6E3-9BCF225AD70E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {1596106C-3549-4F28-9FF3-6A5317228E56}
IE - HKLM\..\SearchScopes\{1596106C-3549-4F28-9FF3-6A5317228E56}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes,DefaultScope = {42BA5BEB-4D63-4D28-899C-690790BA8DF8}
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes\{1596106C-3549-4F28-9FF3-6A5317228E56}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes\{42BA5BEB-4D63-4D28-899C-690790BA8DF8}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS411US411
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B0A31661-0B82-4DBD-AB28-38FC24D22491}&mid=b2fcc911074c47d684f5d16f2ab8d92e-38a04b73149aeefd96b877dcf7a7dc28d2efd3fc&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:55:55&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/03 22:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/13 19:49:01 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Gmail = C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3696825154-3721337811-861535189-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CCF6579-DF08-4A2C-B47B-B4BE4C232FE3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 10:09:12 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{5E6CA139-CAA3-45FB-8D33-3811E2E4DC30}
[2012/04/21 10:08:56 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{BB67FF5B-EEBB-479D-AFCC-AAF30709EB0D}
[2012/04/21 09:59:59 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/04/21 09:33:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/21 09:28:59 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{24F6C90B-6F66-4140-A120-5A2034913538}
[2012/04/21 09:28:28 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{37B0C806-4AB1-4FC5-A775-3B710F7872E1}
[2012/04/18 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{A6EE9DB2-F5C8-45EC-8F43-869B5BA85E8C}
[2012/04/18 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{9DE8961F-BFAB-4D09-9C49-7DEAACBD9E74}
[2012/04/18 19:45:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64
[2012/04/18 19:45:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64\0200060.016
[2012/04/18 19:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup
[2012/04/18 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2012/04/18 19:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/04/18 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{ED2E4BC3-F2EF-4884-87F2-A5C28A5AA9A6}
[2012/04/18 19:38:10 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{CF2F6F44-E9C8-44BE-8E81-2DC17504BC3B}
[2012/04/18 19:12:38 | 000,000,000 | ---D | C] -- C:\sc16v180
[2012/04/18 17:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/18 16:24:31 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{09997B22-C071-499F-8807-570C588BE6A8}
[2012/04/18 16:24:17 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{53DB6FD4-1D7F-4DED-86C9-F69B04D37D93}
[2012/04/18 06:03:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/18 06:03:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/18 06:03:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/18 05:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{49A78553-4178-4C53-B89C-0CA421E167D1}
[2012/04/18 05:30:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{5F5A7285-0870-4A9C-AA0B-87CB4A877F19}
[2012/04/18 05:04:48 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{68446F58-A1E0-4325-9CE8-7C88CBCA3DF7}
[2012/04/18 05:04:35 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{A9149F32-AB48-46C3-AB24-376B8BD3985D}
[2012/04/18 04:41:38 | 000,000,000 | ---D | C] -- C:\464ab232e39f9d4b8f5607b746b55f
[2012/04/18 04:41:10 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/04/18 04:41:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/18 04:41:10 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/17 22:55:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/17 22:55:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/17 22:55:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/17 22:55:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/17 22:55:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/17 22:55:17 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/04/17 22:55:17 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/17 21:58:39 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{8102735E-A55D-437E-8B85-9D11015380B8}
[2012/04/17 21:58:24 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{CABF6223-0E09-4A75-8D4A-173785B19235}
[2012/04/17 21:08:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/04/17 21:08:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/04/17 21:08:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/04/17 21:02:43 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Roaming\InstallShield
[2012/04/17 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{BC6C57EF-8F93-4BEF-AE2C-595CC1055976}
[2012/04/17 21:01:36 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{BB42C074-8A05-4E32-B417-EEAB229C2145}
[2012/04/17 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{9C550D9A-DB94-4B6A-AAFB-ACE37D601C00}
[2012/04/17 17:43:34 | 000,000,000 | ---D | C] -- C:\c980bd9c0eabbfdd59ba
[2012/04/14 19:01:58 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{F0C2EDA2-6C08-4A21-B913-C4FCA2BD699D}
[2012/04/03 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{EB0AB13A-7B76-4BDC-B645-A25D604B38FE}
[2012/04/02 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{C862856C-6D1E-43B7-9959-19D4846BFF40}
[2012/04/02 20:42:51 | 000,000,000 | ---D | C] -- C:\f7f50d10e53733d1cd5aef1eaa409b67
[2012/03/25 20:04:02 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{0263B4BD-9E4B-4D5D-B891-E055DC9A26C7}
[2012/03/25 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\{4637CD6B-9AD0-4F26-9DB1-0C6081EDD156}
[2012/03/25 19:49:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi\AppData\Local\ElevatedDiagnostics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 15:22:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 15:22:30 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 15:19:49 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 15:11:16 | 095,913,577 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/04/22 15:10:23 | 000,345,110 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/22 15:07:57 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 15:07:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/21 14:40:50 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/21 08:58:21 | 000,113,461 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjw.avm
[2012/04/18 20:17:33 | 384,956,636 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/04/17 21:08:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/04/17 21:08:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/04/17 21:08:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/04/17 21:08:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/04/02 20:47:00 | 000,620,036 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/02 20:47:00 | 000,104,578 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 20:17:33 | 384,956,636 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/04/18 19:45:02 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NortonPCCheckupx64\0200060.016\isolate.ini
[2011/02/11 17:46:38 | 000,000,368 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/21 11:14:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/28 04:49:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/06/28 04:47:32 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

< End of report >
  #4  
Old April 22nd, 2012, 09:00 PM
cherber cherber is offline
Begger of computer help
 
Join Date: Aug 2003
O/S: Windows 7 64-bit
Location: Pittsburgh, PA
Age: 50
Posts: 181
and the extras.txt:


OTL Extras logfile created on: 4/22/2012 3:17:32 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Jodi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.57% Memory free
3.49 Gb Paging File | 2.26 Gb Available in Paging File | 64.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.63 Gb Total Space | 250.08 Gb Free Space | 86.95% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JODI-PC | User Name: Jodi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3696825154-3721337811-861535189-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{46786BEA-EA68-4A45-93C4-4A0D4E5A8C3C}" = AVG 2011
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"NortonPCCheckup" = Toshiba Laptop Checkup
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT083969" = Virtual Families
"WT084018" = FATE - The Traitor Soul

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2012 12:11:30 AM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5725

Error - 3/6/2012 7:26:36 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/6/2012 7:26:36 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16099

Error - 3/6/2012 7:26:36 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16099

Error - 3/13/2012 8:00:01 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/13/2012 8:00:02 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16162

Error - 3/13/2012 8:00:02 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16162

Error - 3/15/2012 8:12:37 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/15/2012 8:12:39 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3650

Error - 3/15/2012 8:12:39 PM | Computer Name = Jodi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3650

[ Media Center Events ]
Error - 7/6/2011 9:54:29 PM | Computer Name = Jodi-PC | Source = MCUpdate | ID = 0
Description = 9:54:29 PM - Error connecting to the internet. 9:54:29 PM - Unable
to contact server..

Error - 7/6/2011 9:54:44 PM | Computer Name = Jodi-PC | Source = MCUpdate | ID = 0
Description = 9:54:35 PM - Error connecting to the internet. 9:54:35 PM - Unable
to contact server..

Error - 7/7/2011 3:46:40 PM | Computer Name = Jodi-PC | Source = MCUpdate | ID = 0
Description = 3:46:32 PM - Error connecting to the internet. 3:46:33 PM - Unable
to contact server..

[ System Events ]
Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:38:07 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:55:02 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/17/2012 8:55:02 PM | Computer Name = Jodi-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >
  #5  
April 22nd, 2012, 10:10 PM
cherber
Begger of computer help
gmer:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-22 17:08:47
Windows 6.1.7601 Service Pack 1
Running: 8ywlugz7.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\Td07Ay4TMuA[1].js 187300 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\tfbimage[1].jpg 1785 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\tfbimage[2].jpg 1795 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[1].php 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[2].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[2].php 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[3].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[3].php 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[4].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[4].php 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[5].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[5].php 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[6].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[7].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[8].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[9].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\wBBYAgOjf8k[1].png 777 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\widgets[1].css 373477 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=5[2].txt 25 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=63[1].txt 337 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=65[1].txt 347 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=69[1].txt 389 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=71[1].txt 166 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=75[1].txt 25 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=77[1].txt 336 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=7[1].txt 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=82[1].txt 354 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\uVR6w3wRHEJ[1].gif 54 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\v=5;m=3;l=2850;c=132574;b=786159;ts=20110203220304;p=ui=Y29UFaO6DqEkZB;tr=HPxVcYVhlmH;tm=0-0;cxt=99062005_2149605[1].htm 1506 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[1].png 1695 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[2].png 11084 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[3].png 5164 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[4].png 9225 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\v=ap[5].png 9225 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\veapidelay[1].js 52875 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[1] 5827812 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[2] 3831612 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[3] 7802568 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[4] 11740247 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\videoplayback[5] 14108428 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\RRTr4vAva8F[1].png 124 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\watch[1].htm 136529 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\watch[2].htm 141605 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA1K6KD7.htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA35SN2K.htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA8J9O55.htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCA8R5FB8.htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCABWTOYS.htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCAGNAZTJ.htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfallCAY5KWVO.htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[10].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\waterfall[11].htm 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\partner[3].js 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\partner[4].js 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\nQo8LrNCPfQ[1].png 1134 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\NYKpPzcj59cwlx_webimui[1].css 10927 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\OBaVg52wtTZ[1].png 42565 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\oSIGNUyWLnw[1].js 10225 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\partner[1].js 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\more[2].htm 133 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\more[3].htm 133 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\more[4].htm 134 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\SmcAll.preie9[1].css 3807 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\STeWPW2kh0m[1].png 129 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\STND_MRWHPG_FY12_Bing_OIE9_Speed_160x600[1].swf 29503 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\st[5] 4318 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\s[1].htm 4990 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\T2B4EliLrbP[1].js 11242 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\tag[1].js 0 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\p_100000201542516=8[2].txt 25 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\wlive[1].js 117456 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\WLWorkflow[1].js 204526 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\WsPnHs3HZtp[1].js 5860 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\pixel[1].gif 43 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\plx[1].gif 43 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\pqBnxEwQCId[1].png 1108 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\profile[1].htm 200663 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\profile[2].htm 254076 bytes
File C:\Users\Jodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJATQQTN\profile[3].htm 293842 bytes

---- EOF - GMER 1.0.15 ----
  #6  
April 22nd, 2012, 11:33 PM
Jintan
Malware Removal Team Advisor
Looks like active infection is involved, but I would still like to see the aswMBR scan results please. I know it's a boatload of scanning and log posting, but it lets us get a handle on what all is there.
  #7  
April 24th, 2012, 01:31 PM
cherber
Begger of computer help
I am sorry it is taking me so long...I will do the last scan this eve and post it. Thank you sooo much for all your help!
  #8  
April 25th, 2012, 12:33 AM
Jintan
Malware Removal Team Advisor
A OK. Just post when ready.
  #9  
April 27th, 2012, 10:34 AM
cherber
Begger of computer help
I have tried to run the aswMBR three times now and each time it runs for a bit and then crashes the computer. I can't read the message fully (it comes up in a blue screen of death window) because it shuts itself down and tries to restart too quickly. Then the restart takes so long, I give up every time and just shut it down completely.
  #10  
April 28th, 2012, 12:02 AM
Jintan
Malware Removal Team Advisor
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do a reboot.
  #11  
April 29th, 2012, 11:21 PM
cherber
Begger of computer help
part one

18:06:50.0290 2800 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:06:50.0684 2800 ============================================================
18:06:50.0684 2800 Current date / time: 2012/04/29 18:06:50.0684
18:06:50.0684 2800 SystemInfo:
18:06:50.0684 2800
18:06:50.0684 2800 OS Version: 6.1.7601 ServicePack: 1.0
18:06:50.0684 2800 Product type: Workstation
18:06:50.0684 2800 ComputerName: JODI-PC
18:06:50.0685 2800 UserName: Jodi
18:06:50.0685 2800 Windows directory: C:\windows
18:06:50.0685 2800 System windows directory: C:\windows
18:06:50.0685 2800 Running under WOW64
18:06:50.0685 2800 Processor architecture: Intel x64
18:06:50.0685 2800 Number of processors: 1
18:06:50.0685 2800 Page size: 0x1000
18:06:50.0685 2800 Boot type: Normal boot
18:06:50.0685 2800 ============================================================
18:06:56.0690 2800 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:06:56.0698 2800 ============================================================
18:06:56.0698 2800 \Device\Harddisk0\DR0:
18:06:56.0698 2800 MBR partitions:
18:06:56.0698 2800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F42000
18:06:56.0698 2800 ============================================================
18:06:56.0744 2800 C: <-> \Device\Harddisk0\DR0\Partition0
18:06:56.0744 2800 ============================================================
18:06:56.0744 2800 Initialize success
18:06:56.0744 2800 ============================================================
18:07:17.0281 4848 ============================================================
18:07:17.0281 4848 Scan started
18:07:17.0281 4848 Mode: Manual;
18:07:17.0282 4848 ============================================================
18:07:22.0676 4848 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
18:07:25.0585 4848 1394ohci - ok
18:07:25.0873 4848 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
18:07:25.0907 4848 ACPI - ok
18:07:25.0972 4848 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
18:07:26.0109 4848 AcpiPmi - ok
18:07:26.0464 4848 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
18:07:26.0476 4848 adp94xx - ok
18:07:26.0571 4848 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
18:07:26.0817 4848 adpahci - ok
18:07:27.0014 4848 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
18:07:27.0017 4848 adpu320 - ok
18:07:27.0136 4848 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
18:07:27.0138 4848 AeLookupSvc - ok
18:07:27.0484 4848 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
18:07:27.0491 4848 AFD - ok
18:07:28.0353 4848 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
18:07:28.0767 4848 agp440 - ok
18:07:29.0159 4848 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
18:07:29.0162 4848 ALG - ok
18:07:29.0342 4848 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
18:07:29.0343 4848 aliide - ok
18:07:30.0231 4848 AMD External Events Utility (57b773d82e8cc3c6d7e02cc8a6632043) C:\windows\system32\atiesrxx.exe
18:07:30.0249 4848 AMD External Events Utility - ok
18:07:30.0389 4848 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
18:07:30.0391 4848 amdide - ok
18:07:30.0741 4848 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
18:07:30.0743 4848 AmdK8 - ok
18:07:32.0811 4848 amdkmdag (aefaf27f1b7e52c705df4fb6c96732f6) C:\windows\system32\DRIVERS\atipmdag.sys
18:07:33.0054 4848 amdkmdag - ok
18:07:33.0360 4848 amdkmdap (8149db73be27950ec72767a1193153a6) C:\windows\system32\DRIVERS\atikmpag.sys
18:07:33.0363 4848 amdkmdap - ok
18:07:33.0444 4848 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
18:07:33.0445 4848 AmdPPM - ok
18:07:33.0710 4848 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
18:07:33.0715 4848 amdsata - ok
18:07:34.0027 4848 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
18:07:34.0032 4848 amdsbs - ok
18:07:34.0207 4848 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
18:07:34.0209 4848 amdxata - ok
18:07:34.0286 4848 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
18:07:34.0287 4848 AppID - ok
18:07:34.0325 4848 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
18:07:34.0326 4848 AppIDSvc - ok
18:07:34.0628 4848 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
18:07:34.0630 4848 Appinfo - ok
18:07:35.0033 4848 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:35.0041 4848 Apple Mobile Device - ok
18:07:35.0257 4848 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
18:07:35.0260 4848 arc - ok
18:07:35.0362 4848 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
18:07:35.0365 4848 arcsas - ok
18:07:35.0608 4848 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
18:07:35.0631 4848 AsyncMac - ok
18:07:35.0722 4848 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
18:07:35.0723 4848 atapi - ok
18:07:36.0199 4848 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
18:07:36.0284 4848 athr - ok
18:07:36.0767 4848 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys
18:07:36.0768 4848 AtiPcie - ok
18:07:36.0982 4848 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:07:36.0990 4848 AudioEndpointBuilder - ok
18:07:37.0002 4848 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:07:37.0006 4848 AudioSrv - ok
18:07:38.0822 4848 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
18:07:38.0825 4848 AVG Security Toolbar Service - ok
18:07:43.0019 4848 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:07:43.0416 4848 AVGIDSAgent - ok
18:07:45.0584 4848 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
18:07:45.0586 4848 AVGIDSDriver - ok
18:07:46.0476 4848 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
18:07:46.0482 4848 AVGIDSEH - ok
18:07:48.0130 4848 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
18:07:48.0330 4848 AVGIDSFilter - ok
18:07:48.0806 4848 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\windows\system32\DRIVERS\avgldx64.sys
18:07:48.0841 4848 Avgldx64 - ok
18:07:48.0901 4848 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\windows\system32\DRIVERS\avgmfx64.sys
18:07:48.0902 4848 Avgmfx64 - ok
18:07:48.0976 4848 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\windows\system32\DRIVERS\avgrkx64.sys
18:07:48.0977 4848 Avgrkx64 - ok
18:07:49.0996 4848 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\windows\system32\DRIVERS\avgtdia.sys
18:07:50.0088 4848 Avgtdia - ok
18:07:51.0009 4848 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
18:07:51.0012 4848 avgwd - ok
18:07:51.0348 4848 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
18:07:51.0350 4848 AxInstSV - ok
18:07:51.0423 4848 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
18:07:51.0429 4848 b06bdrv - ok
18:07:52.0444 4848 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
18:07:52.0455 4848 b57nd60a - ok
18:07:52.0647 4848 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
18:07:52.0649 4848 BDESVC - ok
18:07:52.0835 4848 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
18:07:52.0836 4848 Beep - ok
18:07:53.0423 4848 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
18:07:53.0468 4848 BFE - ok
18:07:54.0302 4848 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
18:07:54.0357 4848 BITS - ok
18:07:54.0723 4848 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
18:07:54.0724 4848 blbdrive - ok
18:07:55.0446 4848 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:07:55.0450 4848 Bonjour Service - ok
18:07:56.0027 4848 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
18:07:56.0028 4848 bowser - ok
18:07:56.0244 4848 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
18:07:56.0246 4848 BrFiltLo - ok
18:07:56.0270 4848 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
18:07:56.0271 4848 BrFiltUp - ok
18:07:56.0925 4848 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
18:07:56.0929 4848 Browser - ok
18:07:57.0045 4848 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:07:57.0049 4848 Brserid - ok
18:07:57.0114 4848 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:07:57.0116 4848 BrSerWdm - ok
18:07:57.0869 4848 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:07:57.0871 4848 BrUsbMdm - ok
18:07:58.0001 4848 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:07:58.0002 4848 BrUsbSer - ok
18:07:58.0083 4848 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
18:07:58.0084 4848 BTHMODEM - ok
18:07:58.0495 4848 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
18:07:58.0498 4848 bthserv - ok
18:07:58.0576 4848 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:07:58.0578 4848 cdfs - ok
18:07:58.0712 4848 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
18:07:58.0716 4848 cdrom - ok
18:07:58.0795 4848 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:07:58.0797 4848 CertPropSvc - ok
18:07:59.0120 4848 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
18:07:59.0122 4848 circlass - ok
18:07:59.0393 4848 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:07:59.0401 4848 CLFS - ok
18:08:00.0079 4848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:08:00.0106 4848 clr_optimization_v2.0.50727_32 - ok
18:08:00.0401 4848 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:08:00.0404 4848 clr_optimization_v2.0.50727_64 - ok
18:08:00.0781 4848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:08:00.0783 4848 clr_optimization_v4.0.30319_32 - ok
18:08:00.0851 4848 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:08:00.0854 4848 clr_optimization_v4.0.30319_64 - ok
18:08:01.0050 4848 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
18:08:01.0052 4848 CmBatt - ok
18:08:01.0228 4848 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
18:08:01.0229 4848 cmdide - ok
18:08:01.0437 4848 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
18:08:01.0486 4848 CNG - ok
18:08:01.0787 4848 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\windows\system32\drivers\CHDRT64.sys
18:08:01.0811 4848 CnxtHdAudService - ok
18:08:01.0918 4848 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
18:08:01.0920 4848 Compbatt - ok
18:08:01.0977 4848 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
18:08:01.0978 4848 CompositeBus - ok
18:08:02.0040 4848 COMSysApp - ok
18:08:02.0080 4848 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
18:08:02.0081 4848 crcdisk - ok
18:08:02.0353 4848 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
18:08:02.0358 4848 CryptSvc - ok
18:08:02.0668 4848 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\windows\system32\DRIVERS\dc3d.sys
18:08:02.0670 4848 dc3d - ok
18:08:02.0919 4848 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:08:02.0932 4848 DcomLaunch - ok
18:08:03.0245 4848 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
18:08:03.0253 4848 defragsvc - ok
18:08:03.0624 4848 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
18:08:03.0627 4848 DfsC - ok
18:08:03.0728 4848 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
18:08:03.0732 4848 Dhcp - ok
18:08:03.0802 4848 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:08:03.0805 4848 discache - ok
18:08:03.0958 4848 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
18:08:03.0961 4848 Disk - ok
18:08:04.0024 4848 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
18:08:04.0028 4848 Dnscache - ok
18:08:04.0231 4848 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
18:08:04.0239 4848 dot3svc - ok
18:08:04.0333 4848 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
18:08:04.0336 4848 DPS - ok
18:08:04.0483 4848 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:08:04.0484 4848 drmkaud - ok
18:08:04.0663 4848 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
18:08:04.0706 4848 DXGKrnl - ok
18:08:04.0756 4848 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
18:08:04.0758 4848 EapHost - ok
18:08:05.0067 4848 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
18:08:05.0168 4848 ebdrv - ok
18:08:05.0534 4848 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
18:08:05.0537 4848 EFS - ok
18:08:05.0884 4848 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
18:08:05.0915 4848 ehRecvr - ok
18:08:05.0961 4848 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
18:08:05.0963 4848 ehSched - ok
18:08:06.0243 4848 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
18:08:06.0294 4848 elxstor - ok
18:08:06.0400 4848 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
18:08:06.0411 4848 ErrDev - ok
18:08:06.0544 4848 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
18:08:06.0554 4848 EventSystem - ok
18:08:06.0612 4848 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:08:06.0614 4848 exfat - ok
18:08:06.0703 4848 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:08:06.0709 4848 fastfat - ok
18:08:06.0904 4848 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
18:08:06.0939 4848 Fax - ok
18:08:07.0049 4848 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
18:08:07.0051 4848 fdc - ok
18:08:07.0135 4848 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
18:08:07.0137 4848 fdPHost - ok
18:08:07.0198 4848 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
18:08:07.0200 4848 FDResPub - ok
18:08:07.0346 4848 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:08:07.0349 4848 FileInfo - ok
18:08:07.0381 4848 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:08:07.0383 4848 Filetrace - ok
18:08:07.0440 4848 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
18:08:07.0441 4848 flpydisk - ok
18:08:07.0697 4848 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
18:08:07.0703 4848 FltMgr - ok
18:08:07.0891 4848 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
18:08:07.0931 4848 FontCache - ok
18:08:08.0089 4848 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:08:08.0091 4848 FontCache3.0.0.0 - ok
18:08:08.0310 4848 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:08:08.0315 4848 FsDepends - ok
18:08:08.0452 4848 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
18:08:08.0509 4848 Fs_Rec - ok
18:08:08.0632 4848 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
18:08:08.0637 4848 fvevol - ok
18:08:08.0693 4848 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
18:08:08.0694 4848 FwLnk - ok
18:08:08.0944 4848 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
18:08:08.0946 4848 gagp30kx - ok
18:08:09.0073 4848 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
18:08:09.0079 4848 GameConsoleService - ok
18:08:09.0275 4848 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:08:09.0277 4848 GEARAspiWDM - ok
18:08:09.0449 4848 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
18:08:09.0482 4848 gpsvc - ok
18:08:09.0790 4848 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:09.0794 4848 gupdate - ok
18:08:09.0986 4848 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:08:09.0989 4848 gupdatem - ok
18:08:10.0159 4848 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:08:10.0163 4848 gusvc - ok
18:08:10.0244 4848 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:08:10.0246 4848 hcw85cir - ok
18:08:10.0485 4848 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
18:08:10.0510 4848 HdAudAddService - ok
18:08:10.0567 4848 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
18:08:10.0569 4848 HDAudBus - ok
18:08:10.0691 4848 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
18:08:10.0693 4848 HidBatt - ok
18:08:10.0715 4848 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
18:08:10.0718 4848 HidBth - ok
18:08:10.0732 4848 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
18:08:10.0733 4848 HidIr - ok
18:08:10.0807 4848 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
18:08:10.0809 4848 hidserv - ok
18:08:10.0978 4848 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:08:10.0980 4848 HidUsb - ok
18:08:11.0069 4848 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
18:08:11.0072 4848 hkmsvc - ok
18:08:11.0138 4848 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
18:08:11.0147 4848 HomeGroupListener - ok
18:08:11.0316 4848 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
18:08:11.0325 4848 HomeGroupProvider - ok
18:08:11.0421 4848 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:08:11.0424 4848 HpSAMD - ok
18:08:12.0070 4848 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:08:12.0098 4848 HTTP - ok
18:08:12.0143 4848 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:08:12.0144 4848 hwpolicy - ok
18:08:12.0381 4848 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
18:08:12.0413 4848 i8042prt - ok
18:08:16.0901 4848 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:08:16.0933 4848 iaStorV - ok
18:08:17.0875 4848 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:08:18.0261 4848 idsvc - ok
18:08:18.0444 4848 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
18:08:18.0447 4848 iirsp - ok
18:08:18.0922 4848 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
18:08:18.0951 4848 IKEEXT - ok
18:08:19.0165 4848 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:08:19.0167 4848 intelide - ok
18:08:19.0278 4848 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:08:19.0281 4848 intelppm - ok
18:08:19.0338 4848 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
18:08:19.0341 4848 IPBusEnum - ok
18:08:19.0400 4848 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:08:19.0402 4848 IpFilterDriver - ok
18:08:19.0633 4848 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
18:08:19.0647 4848 iphlpsvc - ok
18:08:19.0717 4848 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:08:19.0718 4848 IPMIDRV - ok
18:08:19.0854 4848 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:08:19.0858 4848 IPNAT - ok
18:08:20.0268 4848 iPod Service (3d62fe4fefe9c67dafec52b534dfa1fb) C:\Program Files\iPod\bin\iPodService.exe
18:08:20.0299 4848 iPod Service - ok
18:08:20.0459 4848 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:08:20.0461 4848 IRENUM - ok
18:08:20.0734 4848 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:08:20.0736 4848 isapnp - ok
18:08:20.0881 4848 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:08:20.0944 4848 iScsiPrt - ok
18:08:21.0140 4848 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
18:08:21.0142 4848 kbdclass - ok
18:08:21.0232 4848 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
18:08:21.0233 4848 kbdhid - ok
18:08:21.0328 4848 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:08:21.0329 4848 KeyIso - ok
18:08:21.0390 4848 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
18:08:21.0400 4848 KSecDD - ok
18:08:21.0513 4848 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
18:08:21.0517 4848 KSecPkg - ok
18:08:21.0638 4848 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:08:21.0640 4848 ksthunk - ok
18:08:21.0774 4848 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:08:21.0807 4848 KtmRm - ok
18:08:21.0920 4848 L1C (48686c29856f46443952a831424f8d6f) C:\windows\system32\DRIVERS\L1C62x64.sys
18:08:21.0922 4848 L1C - ok
18:08:22.0010 4848 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
18:08:22.0020 4848 LanmanServer - ok
18:08:22.0086 4848 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
18:08:22.0090 4848 LanmanWorkstation - ok
18:08:22.0280 4848 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:08:22.0283 4848 lltdio - ok
18:08:22.0358 4848 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:08:22.0363 4848 lltdsvc - ok
18:08:22.0380 4848 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:08:22.0382 4848 lmhosts - ok
18:08:22.0480 4848 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
18:08:22.0484 4848 LSI_FC - ok
18:08:22.0622 4848 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
18:08:22.0626 4848 LSI_SAS - ok
18:08:22.0650 4848 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
18:08:22.0755 4848 LSI_SAS2 - ok
18:08:22.0865 4848 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
18:08:22.0869 4848 LSI_SCSI - ok
18:08:22.0942 4848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:08:22.0944 4848 luafv - ok
18:08:23.0181 4848 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\windows\system32\DRIVERS\lv302a64.sys
18:08:23.0183 4848 lvpepf64 - ok
18:08:23.0362 4848 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\windows\system32\DRIVERS\lvrs64.sys
18:08:23.0379 4848 LVRS64 - ok
18:08:23.0611 4848 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\windows\system32\drivers\LVUSBS64.sys
18:08:23.0614 4848 LVUSBS64 - ok
18:08:23.0710 4848 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:08:23.0713 4848 Mcx2Svc - ok
18:08:23.0787 4848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
18:08:23.0797 4848 megasas - ok
18:08:23.0869 4848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\Mega
  #12  
Old April 29th, 2012, 11:22 PM
cherber
part two

18:08:22.0942 4848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:08:22.0944 4848 luafv - ok
18:08:23.0181 4848 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\windows\system32\DRIVERS\lv302a64.sys
18:08:23.0183 4848 lvpepf64 - ok
18:08:23.0362 4848 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\windows\system32\DRIVERS\lvrs64.sys
18:08:23.0379 4848 LVRS64 - ok
18:08:23.0611 4848 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\windows\system32\drivers\LVUSBS64.sys
18:08:23.0614 4848 LVUSBS64 - ok
18:08:23.0710 4848 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:08:23.0713 4848 Mcx2Svc - ok
18:08:23.0787 4848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
18:08:23.0797 4848 megasas - ok
18:08:23.0869 4848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
18:08:23.0877 4848 MegaSR - ok
18:08:24.0167 4848 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:08:24.0169 4848 Microsoft Office Groove Audit Service - ok
18:08:24.0408 4848 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:08:24.0452 4848 MMCSS - ok
18:08:24.0732 4848 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:08:24.0734 4848 Modem - ok
18:08:25.0049 4848 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:08:25.0051 4848 monitor - ok
18:08:25.0179 4848 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:08:25.0182 4848 mouclass - ok
18:08:25.0499 4848 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:08:25.0501 4848 mouhid - ok
18:08:25.0576 4848 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:08:25.0578 4848 mountmgr - ok
18:08:25.0658 4848 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:08:25.0661 4848 mpio - ok
18:08:25.0747 4848 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:08:25.0749 4848 mpsdrv - ok
18:08:26.0002 4848 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
18:08:26.0056 4848 MpsSvc - ok
18:08:26.0153 4848 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:08:26.0157 4848 MRxDAV - ok
18:08:26.0239 4848 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:08:26.0241 4848 mrxsmb - ok
18:08:26.0345 4848 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:08:26.0353 4848 mrxsmb10 - ok
18:08:26.0444 4848 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:08:26.0450 4848 mrxsmb20 - ok
18:08:26.0562 4848 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
18:08:26.0563 4848 msahci - ok
18:08:26.0630 4848 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:08:26.0632 4848 msdsm - ok
18:08:26.0803 4848 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:08:26.0809 4848 MSDTC - ok
18:08:26.0880 4848 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:08:26.0881 4848 Msfs - ok
18:08:26.0953 4848 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:08:26.0954 4848 mshidkmdf - ok
18:08:27.0009 4848 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:08:27.0010 4848 msisadrv - ok
18:08:27.0172 4848 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:08:27.0178 4848 MSiSCSI - ok
18:08:27.0196 4848 msiserver - ok
18:08:27.0247 4848 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:08:27.0248 4848 MSKSSRV - ok
18:08:27.0275 4848 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:08:27.0276 4848 MSPCLOCK - ok
18:08:27.0286 4848 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:08:27.0288 4848 MSPQM - ok
18:08:27.0418 4848 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:08:27.0427 4848 MsRPC - ok
18:08:27.0502 4848 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
18:08:27.0502 4848 mssmbios - ok
18:08:27.0666 4848 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:08:27.0668 4848 MSTEE - ok
18:08:27.0724 4848 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
18:08:27.0726 4848 MTConfig - ok
18:08:27.0762 4848 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:08:27.0764 4848 Mup - ok
18:08:27.0871 4848 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
18:08:27.0885 4848 napagent - ok
18:08:28.0211 4848 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:08:28.0218 4848 NativeWifiP - ok
18:08:28.0570 4848 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
18:08:28.0637 4848 NDIS - ok
18:08:29.0115 4848 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:08:29.0117 4848 NdisCap - ok
18:08:29.0310 4848 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:08:29.0312 4848 NdisTapi - ok
18:08:29.0580 4848 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:08:29.0582 4848 Ndisuio - ok
18:08:29.0910 4848 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:08:29.0913 4848 NdisWan - ok
18:08:30.0013 4848 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:08:30.0015 4848 NDProxy - ok
18:08:30.0116 4848 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:08:30.0119 4848 NetBIOS - ok
18:08:30.0326 4848 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:08:30.0333 4848 NetBT - ok
18:08:30.0385 4848 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:08:30.0387 4848 Netlogon - ok
18:08:30.0474 4848 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:08:30.0481 4848 Netman - ok
18:08:30.0524 4848 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:08:30.0530 4848 netprofm - ok
18:13:12.0929 4848 ============================================================
18:13:12.0929 4848 Scan finished
18:13:12.0929 4848 ============================================================
18:13:12.0949 4632 Detected object count: 0
18:13:12.0949 4632 Actual detected object count: 0
18:18:22.0691 4924 Deinitialize success
  #13  
Old April 30th, 2012, 12:33 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,430
Not something that locates. Let's run a repair scan that will also provide us with a fixit tool after, if needed.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #14  
Old May 4th, 2012, 06:40 PM
cherber
whew finally...
ComboFix 12-05-04.01 - Jodi 05/04/2012 10:06:24.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.1005 [GMT -4:00]
Running from: c:\users\Jodi\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-03 21:47 . 2012-05-03 21:47 -------- d-----w- C:\2c4e8db24704d39d1b86190dac
2012-04-26 00:41 . 2012-04-26 00:41 -------- d-----w- C:\668266781936e39c4dd3c84be960ab
2012-04-21 13:59 . 2012-04-21 13:59 -------- d-----w- c:\windows\en
2012-04-21 13:34 . 2012-04-21 13:34 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-21 13:30 . 2012-04-21 13:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ebb217f31cd1fc202\MeshBetaRemover.exe
2012-04-21 13:30 . 2012-04-21 13:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e98777531cd1fc201\DSETUP.dll
2012-04-21 13:30 . 2012-04-21 13:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e98777531cd1fc201\DXSETUP.exe
2012-04-21 13:30 . 2012-04-21 13:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e98777531cd1fc201\dsetup32.dll
2012-04-18 23:45 . 2012-04-18 23:45 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-04-18 23:45 . 2012-04-18 23:45 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-04-18 23:44 . 2012-04-18 23:44 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-18 23:12 . 2012-04-18 23:12 -------- d-----w- C:\sc16v180
2012-04-18 21:16 . 2012-04-18 21:16 -------- d-----w- c:\program files\CCleaner
2012-04-18 10:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-18 10:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-18 10:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-18 08:41 . 2012-04-18 08:41 -------- d-----w- C:\464ab232e39f9d4b8f5607b746b55f
2012-04-18 08:41 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-18 08:41 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-18 08:41 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-18 08:41 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-18 08:41 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-18 08:41 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-18 08:41 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-18 01:02 . 2012-04-18 01:02 -------- d-----w- c:\users\Jodi\AppData\Roaming\InstallShield
2012-04-17 21:43 . 2012-04-17 21:43 -------- d-----w- C:\c980bd9c0eabbfdd59ba
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 01:08 . 2011-09-26 21:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-17 06:38 . 2012-03-14 00:16 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 00:16 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 00:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 00:16 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 00:18 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 00:18 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtN ElKTUg&inst=NzctNjM0Nzg1OTIwLVhPMTArMTItUUlYMSs0LV gyMDEwKzItRjEwTTEwRCsxLUxJQysyMi1GTDEwKzEtU1AxKzEt U1AxVEIrMS1TUDFTMisxLVNVRCsxLVRVRyszLVMxSSsxLVNVMy sxLUREVCs0Mjk0OTQ0MjYyLUREMTBGKzEtU1QxMEZBUFArMS1G MTBNMTJBTisxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLU YxME0xMkFUQisxLUYxME0xMkIrMS1GMTBUQisyLVNUMTBUQkYr MQ&prod=90&ver=10.0.1424" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 135664]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2012-04-26 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 05:44]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 05:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-05-04 10:55:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 14:55
.
Pre-Run: 267,523,530,752 bytes free
Post-Run: 267,526,569,984 bytes free
.
- - End Of File - - C8EC8EF05B7FF26C058AEF9EA9778B03
  #15  
Old May 4th, 2012, 11:16 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,430
By the looks of the last logs, AVG has been uninstalled. Please be sure to review changes with me here before making them - helps make the fix processes run smoother.

Nothing so far is showing the malware "hooks" with your browser that Gmer showed, so something is still busy there.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-
Go to Start Search, type notepad.exe in the Start Search box. Notepad.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator", and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

-----------

Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
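What merging the fixer.reg text from the post above does to the registry, as an added example that is not part of the original thread: a small Python parser that lists each operation in the file and the net result per value. The function names are this example's own, and it assumes single-line values only (no multi-line hex data).

```python
import re

# The .reg text from the post above, embedded so the example runs offline.
FIXER_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                 # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def parse_reg(text):
    """Return a list of (key, value_name, action, data) in file order."""
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("missing .reg header")
    ops, key = [], None
    for ln in lines[1:]:
        if not ln or ln.startswith(";"):      # blank line or comment
            continue
        m = KEY_RE.match(ln)
        if m:
            key = m.group(2)
            if m.group(1):                    # "[-KEY]" removes the whole key
                ops.append((key, None, "delete-key", None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError(f"unparsed line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        # A bare "-" after "=" deletes the value; anything else is data to set.
        ops.append((key, name, "delete-value", None) if data == "-" else (key, name, "set", data))
    return ops

def net_effect(ops):
    # Operations apply in file order, so the last one per (key, value) wins;
    # registry key and value names are case-insensitive.
    final = {}
    for key, name, action, data in ops:
        final[(key.lower(), (name or "").lower())] = (action, data)
    return final
```

`net_effect(parse_reg(FIXER_REG))` reports `LoadAppInit_DLLs` as set to an empty string, because the second section for the same key is applied after the delete.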