Help with Removal Attach and DDS logs attached


  • This topic is locked
17 replies to this topic

#1 Joyceschiffer1

    New Member

  • Members
  • 11 posts

Posted 26 June 2012 - 01:32 PM

Hi, I had a malware on my computer and have followed the instructions to send these two logs (attach.txt and dds.txt) to you. Can you please look at them and see if I am OK?

Thanks very much,
Joyce

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Joyce at 8:06:28 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4624 [GMT -10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{2B772149-B9A1-4327-8159-3F3E9E61D3DA} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{D6D64AE0-9887-44F5-819C-D89219763887} : DhcpNameServer = 50.50.0.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-4-10 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-4-10 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-10 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-4-10 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-25 03:15:22 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Malwarebytes
2012-06-25 03:15:15 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-25 03:15:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-25 03:15:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-24 16:32:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-24 16:32:17 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-24 16:32:00 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-24 16:32:00 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-18 04:13:34 -------- d--h--w- C:\Users\Joyce\AppData\Local\Diagnostics
2012-06-12 21:38:41 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-08 05:31:31 -------- d--h--w- C:\ProgramData\Book Place
2012-06-08 05:26:21 -------- d--h--w- C:\Users\Joyce\AppData\Local\Kjs.AppLife.Update
2012-06-08 05:18:11 -------- d--h--w- C:\Users\Joyce\AppData\Roaming\Book Place
.
==================== Find3M ====================
.
2012-06-23 18:02:07 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 18:02:07 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-19 14:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 8:07:07.47 ===============

Edited by Maurice Naggar, 26 June 2012 - 04:11 PM.
Logs In-line


#2 Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 26 June 2012 - 04:15 PM

Hello Joyce and welcome to MalwareBytes forums.

Would you share with me why you suspect something is amiss?

Please Copy and Paste logs into main-body of reply. Use NOTEPAD to open the logs and Copy all. Then paste.
Do not attach.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.

Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.


Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Step 4
Please read carefully and follow these steps.
  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5
Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)
Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#3 Joyceschiffer1


Posted 26 June 2012 - 06:07 PM

Hi Maurice, thanks very much for replying.

I am not terribly savvy on all this, so in layspeak here is what happened. I was online when an AVG pop up window appeared. It said that there was a severe malware threat. As they recommended, I put it in a vault. They identified it as: IDP.GenericN.5D5293F3

Seconds after I did this, another window popped up that I could not close and kept replicating. I shouted :) and my husband came over and installed your product. We ran a full scan and it detected 6 bad things.

There were:
4 Trojan.Fake Alerts
1 Rogue.FakeHDD
2 PUM.Hijack.StartMenu

all dated yesterday at 3:17 am

We followed the instructions for them to be quarantined.

When I restarted my computer the pop up start menu was empty, and when I click on 'All Programs' they show up, but all of the folders there are empty (for example it lists Microsoft Office, but when I click on it, it just says 'empty').

I can find everything when I go to My Computer, but can't get them back to the start menu.

So I guess I am asking if they are really all gone, if my computer is clean, and if you might know how to get my start menu back.

I have not yet done all the steps you suggested, wanted to tell you all of this before I did.

Thanks again,
Joyce

MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joyce :: JOYCE-PC [administrator]
6/24/2012 5:17:39 PM
mbam-log-2012-06-24 (17-17-39).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314539
Time elapsed: 26 minute(s), 23 second(s)
Memory Processes Detected: 2
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> 5228 -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> 6580 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\jdhNjPXkrCGrLYP.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joyce\AppData\Local\Temp\ad8EIFpytux2sY.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Joyce\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Quarantined and deleted successfully.
(end)
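
The MBAM log above can be triaged mechanically. The following is an added example, not part of the original thread and not Malwarebytes code: it parses the detection sections, checks that each section's declared count matches the lines actually pasted, and lists the files still waiting on "Delete on reboot". The function names are hypothetical and the line format is assumed from this one log.

```python
import re
from collections import Counter

# Lines taken from the MBAM log in the post above, shortened to the
# sections that carry detections. Everything else here is added.
SAMPLE_LOG = r"""Memory Processes Detected: 2
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> 5228 -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> 6580 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\jdhNjPXkrCGrLYP.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Files Detected: 4
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joyce\AppData\Local\Temp\ad8EIFpytux2sY.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Joyce\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Quarantined and deleted successfully.
(end)
"""

# "<Section> Detected: <n>" opens a section; detections follow as
# "<object> (<Threat.Name>) -> [detail -> ...] <action>."
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[\w.]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (declared_counts, records) for the detection sections."""
    declared, records, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            # The last " -> " field is the action; anything before it is detail
            # (a PID, registry data, or the Bad/Good pair).
            *details, action = m["rest"].split(" -> ")
            records.append({
                "section": section,
                "object": m["object"],
                "threat": m["threat"],
                "details": details,
                "action": action.rstrip("."),
            })
    return declared, records


def count_mismatches(declared, records):
    """Sections whose declared count differs from the lines present,
    which usually means the pasted log was truncated or edited."""
    seen = Counter(r["section"] for r in records)
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}


def pending_reboot(records):
    """Objects that stay on disk (or in memory) until the machine restarts."""
    return sorted({r["object"] for r in records if r["action"] == "Delete on reboot"})


def run_key_entries(records):
    """(value name, target path) for detections under a ...\\CurrentVersion\\Run key."""
    out = []
    for r in records:
        key, _, value = r["object"].partition("|")
        if r["section"] == "Registry Values" and key.lower().endswith(r"\currentversion\run"):
            data = next((d[len("Data: "):] for d in r["details"] if d.startswith("Data: ")), None)
            out.append((value, data))
    return out


def run_targets_pending_reboot(records):
    """Autorun targets whose Run value is gone but whose file awaits a reboot."""
    waiting = set(pending_reboot(records))
    return [path for _, path in run_key_entries(records) if path in waiting]


if __name__ == "__main__":
    declared, records = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, records))
    print("pending reboot:", pending_reboot(records))
    print("autorun targets still on disk:", run_targets_pending_reboot(records))
```

Anything returned by `pending_reboot` should be confirmed absent in a scan taken after the restart, since the log only records the scheduled action.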

#4 Maurice Naggar


Posted 27 June 2012 - 06:13 AM

Joyce,

OK. You described the sequence well. Details are always appreciated. The malware "hid" some of your program links, etc.
We'll get those back. I suggest you run Unhide and follow its prompts as it runs. And get its log Unhide.txt when it is all done.

Please download the following program to your Desktop >> Unhide <<
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Reply back with copy of Unhide.txt

Next, go back to my previous reply: Need for you to run
aswMBR
TDSSKILLER
GMER
OTL
SecurityCheck

Do as much as possible of those, and copy and paste the logs.

#5 Joyceschiffer1


Posted 27 June 2012 - 06:47 PM

Hi Maurice,

You are a genius! The Unhide program worked perfectly! Here is the text:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html
Program started at: 06/27/2012 01:39:47 PM
Windows Version: Windows 7
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 137697 files processed.
Restoring the Start Menu.
* 182 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!
Restarting Explorer.exe in order to apply changes.
Program finished at: 06/27/2012 01:42:30 PM
Execution time: 0 hours(s), 2 minute(s), and 43 seconds(s)

Will begin the next steps now and post them for you. Don't know where you are, but we live in Hawaii and are probably a good few hours earlier than you are.

Aloha,
Joyce

#6 Joyceschiffer1

Posted 27 June 2012 - 07:07 PM

Maurice! Here is the report from TDSSKILLER. The first screen that appeared after the scan showed one threat found. I wasn't sure what to do with it, so I put it in quarantine.

14:01:50.0415 0984 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
14:01:51.0023 0984 ============================================================
14:01:51.0023 0984 Current date / time: 2012/06/27 14:01:51.0023
14:01:51.0023 0984 SystemInfo:
14:01:51.0023 0984
14:01:51.0023 0984 OS Version: 6.1.7601 ServicePack: 1.0
14:01:51.0023 0984 Product type: Workstation
14:01:51.0023 0984 ComputerName: JOYCE-PC
14:01:51.0023 0984 UserName: Joyce
14:01:51.0023 0984 Windows directory: C:\windows
14:01:51.0023 0984 System windows directory: C:\windows
14:01:51.0023 0984 Running under WOW64
14:01:51.0023 0984 Processor architecture: Intel x64
14:01:51.0023 0984 Number of processors: 4
14:01:51.0023 0984 Page size: 0x1000
14:01:51.0023 0984 Boot type: Normal boot
14:01:51.0023 0984 ============================================================
14:01:51.0460 0984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:01:51.0476 0984 ============================================================
14:01:51.0476 0984 \Device\Harddisk0\DR0:
14:01:51.0476 0984 MBR partitions:
14:01:51.0476 0984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3833E800
14:01:51.0476 0984 ============================================================
14:01:51.0507 0984 C: <-> \Device\Harddisk0\DR0\Partition0
14:01:51.0507 0984 ============================================================
14:01:51.0507 0984 Initialize success
14:01:51.0507 0984 ============================================================
14:02:39.0259 5908 ============================================================
14:02:39.0259 5908 Scan started
14:02:39.0259 5908 Mode: Manual; SigCheck; TDLFS;
14:02:39.0259 5908 ============================================================
14:02:40.0055 5908 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
14:02:40.0180 5908 1394ohci - ok
14:02:40.0258 5908 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
14:02:40.0273 5908 ACPI - ok
14:02:40.0305 5908 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
14:02:40.0398 5908 AcpiPmi - ok
14:02:40.0492 5908 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:02:40.0523 5908 AdobeARMservice - ok
14:02:40.0819 5908 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:02:40.0851 5908 AdobeFlashPlayerUpdateSvc - ok
14:02:40.0929 5908 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
14:02:40.0975 5908 adp94xx - ok
14:02:41.0022 5908 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
14:02:41.0053 5908 adpahci - ok
14:02:41.0069 5908 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
14:02:41.0100 5908 adpu320 - ok
14:02:41.0147 5908 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
14:02:41.0303 5908 AeLookupSvc - ok
14:02:41.0381 5908 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
14:02:41.0459 5908 AFD - ok
14:02:41.0506 5908 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
14:02:41.0521 5908 agp440 - ok
14:02:41.0568 5908 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
14:02:41.0615 5908 ALG - ok
14:02:41.0646 5908 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
14:02:41.0677 5908 aliide - ok
14:02:41.0693 5908 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
14:02:41.0724 5908 amdide - ok
14:02:41.0740 5908 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
14:02:41.0787 5908 AmdK8 - ok
14:02:41.0802 5908 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
14:02:41.0833 5908 AmdPPM - ok
14:02:41.0865 5908 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
14:02:41.0896 5908 amdsata - ok
14:02:41.0911 5908 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
14:02:41.0943 5908 amdsbs - ok
14:02:41.0958 5908 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
14:02:41.0974 5908 amdxata - ok
14:02:42.0005 5908 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
14:02:42.0099 5908 AppID - ok
14:02:42.0130 5908 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
14:02:42.0208 5908 AppIDSvc - ok
14:02:42.0223 5908 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
14:02:42.0255 5908 Appinfo - ok
14:02:42.0442 5908 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:02:42.0457 5908 Apple Mobile Device - ok
14:02:42.0489 5908 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
14:02:42.0520 5908 arc - ok
14:02:42.0551 5908 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
14:02:42.0567 5908 arcsas - ok
14:02:42.0832 5908 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:02:42.0863 5908 aspnet_state - ok
14:02:42.0879 5908 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:02:42.0957 5908 AsyncMac - ok
14:02:42.0988 5908 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
14:02:43.0019 5908 atapi - ok
14:02:43.0206 5908 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys
14:02:43.0315 5908 athr - ok
14:02:43.0659 5908 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
14:02:43.0768 5908 AudioEndpointBuilder - ok
14:02:43.0783 5908 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
14:02:43.0861 5908 AudioSrv - ok
14:02:44.0236 5908 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:02:44.0376 5908 AVGIDSAgent - ok
14:02:44.0766 5908 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
14:02:44.0797 5908 AVGIDSDriver - ok
14:02:44.0829 5908 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
14:02:44.0844 5908 AVGIDSFilter - ok
14:02:44.0875 5908 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
14:02:44.0907 5908 AVGIDSHA - ok
14:02:44.0953 5908 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
14:02:44.0985 5908 Avgldx64 - ok
14:02:45.0000 5908 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
14:02:45.0016 5908 Avgmfx64 - ok
14:02:45.0031 5908 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
14:02:45.0063 5908 Avgrkx64 - ok
14:02:45.0109 5908 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
14:02:45.0141 5908 Avgtdia - ok
14:02:45.0312 5908 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:02:45.0343 5908 avgwd - ok
14:02:45.0390 5908 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
14:02:45.0453 5908 AxInstSV - ok
14:02:45.0515 5908 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
14:02:45.0577 5908 b06bdrv - ok
14:02:45.0609 5908 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:02:45.0671 5908 b57nd60a - ok
14:02:45.0718 5908 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
14:02:45.0765 5908 BDESVC - ok
14:02:45.0811 5908 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:02:45.0889 5908 Beep - ok
14:02:45.0952 5908 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
14:02:46.0061 5908 BFE - ok
14:02:46.0139 5908 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
14:02:46.0248 5908 BITS - ok
14:02:46.0404 5908 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:02:46.0435 5908 blbdrive - ok
14:02:46.0529 5908 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:02:46.0576 5908 Bonjour Service - ok
14:02:46.0607 5908 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
14:02:46.0669 5908 bowser - ok
14:02:46.0716 5908 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
14:02:46.0747 5908 BrFiltLo - ok
14:02:46.0763 5908 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
14:02:46.0810 5908 BrFiltUp - ok
14:02:46.0857 5908 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
14:02:46.0935 5908 Browser - ok
14:02:46.0966 5908 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:02:47.0013 5908 Brserid - ok
14:02:47.0013 5908 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:02:47.0044 5908 BrSerWdm - ok
14:02:47.0059 5908 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:02:47.0091 5908 BrUsbMdm - ok
14:02:47.0122 5908 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:02:47.0153 5908 BrUsbSer - ok
14:02:47.0215 5908 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys
14:02:47.0247 5908 BtFilter - ok
14:02:47.0262 5908 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
14:02:47.0309 5908 BTHMODEM - ok
14:02:47.0371 5908 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
14:02:47.0449 5908 bthserv - ok
14:02:47.0496 5908 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:02:47.0574 5908 cdfs - ok
14:02:47.0605 5908 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
14:02:47.0637 5908 cdrom - ok
14:02:47.0683 5908 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
14:02:47.0777 5908 CertPropSvc - ok
14:02:47.0808 5908 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
14:02:47.0839 5908 circlass - ok
14:02:47.0902 5908 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:02:47.0933 5908 CLFS - ok
14:02:48.0089 5908 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:02:48.0136 5908 clr_optimization_v2.0.50727_32 - ok
14:02:48.0261 5908 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:02:48.0276 5908 clr_optimization_v2.0.50727_64 - ok
14:02:48.0463 5908 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:02:48.0479 5908 clr_optimization_v4.0.30319_32 - ok
14:02:48.0682 5908 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:02:48.0697 5908 clr_optimization_v4.0.30319_64 - ok
14:02:48.0744 5908 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:02:48.0775 5908 CmBatt - ok
14:02:48.0791 5908 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
14:02:48.0807 5908 cmdide - ok
14:02:48.0885 5908 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
14:02:48.0931 5908 CNG - ok
14:02:49.0041 5908 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys
14:02:49.0087 5908 CnxtHdAudService - ok
14:02:49.0493 5908 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
14:02:49.0524 5908 Compbatt - ok
14:02:49.0540 5908 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
14:02:49.0587 5908 CompositeBus - ok
14:02:49.0602 5908 COMSysApp - ok
14:02:49.0618 5908 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
14:02:49.0633 5908 crcdisk - ok
14:02:49.0680 5908 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
14:02:49.0743 5908 CryptSvc - ok
14:02:49.0805 5908 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
14:02:49.0899 5908 DcomLaunch - ok
14:02:49.0961 5908 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
14:02:50.0039 5908 defragsvc - ok
14:02:50.0086 5908 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
14:02:50.0117 5908 DfsC - ok
14:02:50.0164 5908 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
14:02:50.0242 5908 Dhcp - ok
14:02:50.0242 5908 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:02:50.0289 5908 discache - ok
14:02:50.0320 5908 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
14:02:50.0351 5908 Disk - ok
14:02:50.0367 5908 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
14:02:50.0445 5908 Dnscache - ok
14:02:50.0491 5908 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
14:02:50.0569 5908 dot3svc - ok
14:02:50.0585 5908 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
14:02:50.0647 5908 DPS - ok
14:02:50.0694 5908 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:02:50.0725 5908 drmkaud - ok
14:02:50.0788 5908 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
14:02:50.0835 5908 DXGKrnl - ok
14:02:50.0866 5908 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
14:02:50.0928 5908 EapHost - ok
14:02:51.0069 5908 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
14:02:51.0162 5908 ebdrv - ok
14:02:51.0459 5908 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
14:02:51.0474 5908 EFS - ok
14:02:51.0615 5908 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
14:02:51.0677 5908 ehRecvr - ok
14:02:51.0708 5908 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
14:02:51.0739 5908 ehSched - ok
14:02:51.0911 5908 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
14:02:51.0942 5908 elxstor - ok
14:02:51.0958 5908 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
14:02:51.0989 5908 ErrDev - ok
14:02:52.0036 5908 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
14:02:52.0145 5908 EventSystem - ok
14:02:52.0176 5908 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:02:52.0254 5908 exfat - ok
14:02:52.0270 5908 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:02:52.0332 5908 fastfat - ok
14:02:52.0395 5908 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
14:02:52.0473 5908 Fax - ok
14:02:52.0519 5908 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
14:02:52.0551 5908 fdc - ok
14:02:52.0582 5908 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
14:02:52.0660 5908 fdPHost - ok
14:02:52.0660 5908 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
14:02:52.0707 5908 FDResPub - ok
14:02:52.0722 5908 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:02:52.0738 5908 FileInfo - ok
14:02:52.0753 5908 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:02:52.0800 5908 Filetrace - ok
14:02:52.0816 5908 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
14:02:52.0831 5908 flpydisk - ok
14:02:52.0847 5908 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
14:02:52.0863 5908 FltMgr - ok
14:02:52.0941 5908 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
14:02:53.0003 5908 FontCache - ok
14:02:53.0097 5908 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:02:53.0128 5908 FontCache3.0.0.0 - ok
14:02:53.0253 5908 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:02:53.0284 5908 FsDepends - ok
14:02:53.0315 5908 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
14:02:53.0346 5908 Fs_Rec - ok
14:02:53.0362 5908 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
14:02:53.0393 5908 fvevol - ok
14:02:53.0424 5908 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
14:02:53.0455 5908 gagp30kx - ok
14:02:53.0565 5908 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:02:53.0596 5908 GamesAppService - ok
14:02:53.0643 5908 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:02:53.0658 5908 GEARAspiWDM - ok
14:02:53.0736 5908 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
14:02:53.0814 5908 gpsvc - ok
14:02:53.0908 5908 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:02:53.0923 5908 gupdate - ok
14:02:53.0923 5908 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:02:53.0939 5908 gupdatem - ok
14:02:53.0986 5908 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:02:54.0017 5908 gusvc - ok
14:02:54.0064 5908 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:02:54.0111 5908 hcw85cir - ok
14:02:54.0142 5908 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
14:02:54.0189 5908 HdAudAddService - ok
14:02:54.0204 5908 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
14:02:54.0235 5908 HDAudBus - ok
14:02:54.0251 5908 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
14:02:54.0282 5908 HidBatt - ok
14:02:54.0298 5908 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
14:02:54.0329 5908 HidBth - ok
14:02:54.0360 5908 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
14:02:54.0391 5908 HidIr - ok
14:02:54.0407 5908 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
14:02:54.0501 5908 hidserv - ok
14:02:54.0547 5908 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
14:02:54.0579 5908 HidUsb - ok
14:02:54.0610 5908 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
14:02:54.0719 5908 hkmsvc - ok
14:02:54.0735 5908 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
14:02:54.0781 5908 HomeGroupListener - ok
14:02:54.0828 5908 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
14:02:54.0859 5908 HomeGroupProvider - ok
14:02:54.0906 5908 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
14:02:54.0937 5908 HpSAMD - ok
14:02:55.0015 5908 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
14:02:55.0125 5908 HTTP - ok
14:02:55.0125 5908 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
14:02:55.0140 5908 hwpolicy - ok
14:02:55.0156 5908 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
14:02:55.0171 5908 i8042prt - ok
14:02:55.0234 5908 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\windows\system32\DRIVERS\iaStor.sys
14:02:55.0265 5908 iaStor - ok
14:02:55.0327 5908 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
14:02:55.0374 5908 iaStorV - ok
14:02:55.0452 5908 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:02:55.0483 5908 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:02:55.0483 5908 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:02:55.0639 5908 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:02:55.0686 5908 idsvc - ok
14:02:56.0404 5908 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys
14:02:56.0841 5908 igfx - ok
14:02:57.0215 5908 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
14:02:57.0246 5908 iirsp - ok
14:02:57.0309 5908 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
14:02:57.0418 5908 IKEEXT - ok
14:02:57.0465 5908 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
14:02:57.0511 5908 IntcDAud - ok
14:02:57.0558 5908 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
14:02:57.0574 5908 intelide - ok
14:02:57.0589 5908 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:02:57.0636 5908 intelppm - ok
14:02:57.0667 5908 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
14:02:57.0745 5908 IPBusEnum - ok
14:02:57.0777 5908 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:02:57.0823 5908 IpFilterDriver - ok
14:02:57.0855 5908 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
14:02:57.0964 5908 iphlpsvc - ok
14:02:57.0979 5908 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
14:02:58.0011 5908 IPMIDRV - ok
14:02:58.0026 5908 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:02:58.0057 5908 IPNAT - ok
14:02:58.0151 5908 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:02:58.0182 5908 iPod Service - ok
14:02:58.0213 5908 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:02:58.0245 5908 IRENUM - ok
14:02:58.0260 5908 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
14:02:58.0276 5908 isapnp - ok
14:02:58.0291 5908 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
14:02:58.0307 5908 iScsiPrt - ok
14:02:58.0323 5908 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
14:02:58.0338 5908 kbdclass - ok
14:02:58.0354 5908 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
14:02:58.0369 5908 kbdhid - ok
14:02:58.0416 5908 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:02:58.0432 5908 KeyIso - ok
14:02:58.0447 5908 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
14:02:58.0463 5908 KSecDD - ok
14:02:58.0479 5908 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
14:02:58.0510 5908 KSecPkg - ok
14:02:58.0541 5908 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:02:58.0603 5908 ksthunk - ok
14:02:58.0650 5908 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
14:02:58.0728 5908 KtmRm - ok
14:02:58.0775 5908 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
14:02:58.0775 5908 L1C - ok
14:02:58.0822 5908 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
14:02:58.0915 5908 LanmanServer - ok
14:02:58.0962 5908 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
14:02:59.0087 5908 LanmanWorkstation - ok
14:02:59.0134 5908 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:02:59.0212 5908 lltdio - ok
14:02:59.0243 5908 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
14:02:59.0352 5908 lltdsvc - ok
14:02:59.0368 5908 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
14:02:59.0415 5908 lmhosts - ok
14:02:59.0539 5908 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:02:59.0571 5908 LMS - ok
14:02:59.0633 5908 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
14:02:59.0664 5908 LSI_FC - ok
14:02:59.0680 5908 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
14:02:59.0695 5908 LSI_SAS - ok
14:02:59.0695 5908 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
14:02:59.0711 5908 LSI_SAS2 - ok
14:02:59.0727 5908 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
14:02:59.0742 5908 LSI_SCSI - ok
14:02:59.0773 5908 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:02:59.0836 5908 luafv - ok
14:02:59.0867 5908 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
14:02:59.0883 5908 Mcx2Svc - ok
14:02:59.0898 5908 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
14:02:59.0914 5908 megasas - ok
14:02:59.0945 5908 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
14:02:59.0961 5908 MegaSR - ok
14:03:00.0007 5908 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
14:03:00.0023 5908 MEIx64 - ok
14:03:00.0070 5908 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
14:03:00.0148 5908 MMCSS - ok
14:03:00.0179 5908 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:03:00.0257 5908 Modem - ok
14:03:00.0273 5908 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:03:00.0304 5908 monitor - ok
14:03:00.0319 5908 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:03:00.0335 5908 mouclass - ok
14:03:00.0351 5908 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
14:03:00.0382 5908 mouhid - ok
14:03:00.0429 5908 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
14:03:00.0460 5908 mountmgr - ok
14:03:00.0475 5908 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
14:03:00.0491 5908 mpio - ok
14:03:00.0507 5908 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:03:00.0553 5908 mpsdrv - ok
14:03:00.0616 5908 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
14:03:00.0694 5908 MpsSvc - ok
14:03:00.0709 5908 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
14:03:00.0725 5908 MRxDAV - ok
14:03:00.0741 5908 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
14:03:00.0772 5908 mrxsmb - ok
14:03:00.0819 5908 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:03:00.0834 5908 mrxsmb10 - ok
14:03:00.0834 5908 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:03:00.0850 5908 mrxsmb20 - ok
14:03:00.0850 5908 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
14:03:00.0865 5908 msahci - ok
14:03:00.0865 5908 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
14:03:00.0881 5908 msdsm - ok
14:03:00.0912 5908 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
14:03:00.0928 5908 MSDTC - ok
14:03:00.0943 5908 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:03:00.0975 5908 Msfs - ok
14:03:00.0990 5908 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:03:01.0037 5908 mshidkmdf - ok
14:03:01.0037 5908 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
14:03:01.0037 5908 msisadrv - ok
14:03:01.0084 5908 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
14:03:01.0146 5908 MSiSCSI - ok
14:03:01.0146 5908 msiserver - ok
14:03:01.0193 5908 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:03:01.0271 5908 MSKSSRV - ok
14:03:01.0271 5908 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:03:01.0333 5908 MSPCLOCK - ok
14:03:01.0333 5908 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:03:01.0380 5908 MSPQM - ok
14:03:01.0411 5908 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
14:03:01.0458 5908 MsRPC - ok
14:03:01.0474 5908 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
14:03:01.0489 5908 mssmbios - ok
14:03:01.0521 5908 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:03:01.0599 5908 MSTEE - ok
14:03:01.0599 5908 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
14:03:01.0614 5908 MTConfig - ok
14:03:01.0614 5908 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:03:01.0630 5908 Mup - ok
14:03:01.0693 5908 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
14:03:01.0802 5908 napagent - ok
14:03:01.0880 5908 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:03:01.0912 5908 NativeWifiP - ok
14:03:01.0974 5908 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
14:03:02.0021 5908 NDIS - ok
14:03:02.0052 5908 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:03:02.0083 5908 NdisCap - ok
14:03:02.0114 5908 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:03:02.0146 5908 NdisTapi - ok
14:03:02.0146 5908 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
14:03:02.0224 5908 Ndisuio - ok
14:03:02.0255 5908 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
14:03:02.0333 5908 NdisWan - ok
14:03:02.0364 5908 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
14:03:02.0395 5908 NDProxy - ok
14:03:02.0411 5908 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:03:02.0442 5908 NetBIOS - ok
14:03:02.0473 5908 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
14:03:02.0504 5908 NetBT - ok
14:03:02.0551 5908 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:03:02.0551 5908 Netlogon - ok
14:03:02.0582 5908 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
14:03:02.0645 5908 Netman - ok
14:03:02.0894 5908 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:03:02.0910 5908 NetMsmqActivator - ok
14:03:02.0941 5908 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:03:02.0957 5908 NetPipeActivator - ok
14:03:03.0004 5908 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
14:03:03.0066 5908 netprofm - ok
14:03:03.0066 5908 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:03:03.0082 5908 NetTcpActivator - ok
14:03:03.0082 5908 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:03:03.0097 5908 NetTcpPortSharing - ok
14:03:03.0238 5908 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
14:03:03.0269 5908 nfrd960 - ok
14:03:03.0316 5908 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
14:03:03.0425 5908 NlaSvc - ok
14:03:03.0518 5908 Norton PC Checkup Application Launcher - ok
14:03:03.0565 5908 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:03:03.0643 5908 Npfs - ok
14:03:03.0690 5908 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
14:03:03.0768 5908 nsi - ok
14:03:03.0768 5908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:03:03.0830 5908 nsiproxy - ok
14:03:03.0908 5908 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
14:03:03.0986 5908 Ntfs - ok
14:03:04.0376 5908 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:03:04.0439 5908 Null - ok
14:03:04.0470 5908 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
14:03:04.0470 5908 nvraid - ok
14:03:04.0486 5908 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
14:03:04.0501 5908 nvstor - ok
14:03:04.0517 5908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
14:03:04.0532 5908 nv_agp - ok
14:03:04.0548 5908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
14:03:04.0564 5908 ohci1394 - ok
14:03:04.0720 5908 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:03:04.0735 5908 ose - ok
14:03:05.0125 5908 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:03:05.0281 5908 osppsvc - ok
14:03:05.0578 5908 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
14:03:05.0624 5908 p2pimsvc - ok
14:03:05.0702 5908 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
14:03:05.0734 5908 p2psvc - ok
14:03:05.0843 5908 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
14:03:05.0874 5908 Parport - ok
14:03:05.0921 5908 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
14:03:05.0936 5908 partmgr - ok
14:03:05.0968 5908 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
14:03:06.0030 5908 PcaSvc - ok
14:03:06.0139 5908 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
14:03:06.0170 5908 PCCUJobMgr - ok
14:03:06.0217 5908 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
14:03:06.0248 5908 pci - ok
14:03:06.0264 5908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
14:03:06.0280 5908 pciide - ok
14:03:06.0311 5908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
14:03:06.0342 5908 pcmcia - ok
14:03:06.0358 5908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:03:06.0373 5908 pcw - ok
14:03:06.0420 5908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:03:06.0514 5908 PEAUTH - ok
14:03:06.0779 5908 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
14:03:06.0826 5908 PerfHost - ok
14:03:06.0872 5908 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
14:03:06.0888 5908 PGEffect - ok
14:03:06.0982 5908 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
14:03:07.0091 5908 pla - ok
14:03:07.0169 5908 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
14:03:07.0216 5908 PlugPlay - ok
14:03:07.0262 5908 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
14:03:07.0294 5908 PNRPAutoReg - ok
14:03:07.0325 5908 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
14:03:07.0356 5908 PNRPsvc - ok
14:03:07.0403 5908 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
14:03:07.0465 5908 PolicyAgent - ok
14:03:07.0512 5908 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
14:03:07.0590 5908 Power - ok
14:03:07.0730 5908 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
14:03:07.0808 5908 PptpMiniport - ok
14:03:07.0840 5908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
14:03:07.0871 5908 Processor - ok
14:03:07.0918 5908 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
14:03:07.0964 5908 ProfSvc - ok
14:03:07.0996 5908 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:03:08.0011 5908 ProtectedStorage - ok
14:03:08.0058 5908 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
14:03:08.0152 5908 Psched - ok
14:03:08.0198 5908 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
14:03:08.0230 5908 QIOMem - ok
14:03:08.0308 5908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
14:03:08.0370 5908 ql2300 - ok
14:03:08.0776 5908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
14:03:08.0807 5908 ql40xx - ok
14:03:08.0854 5908 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
14:03:08.0900 5908 QWAVE - ok
14:03:08.0900 5908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:03:08.0947 5908 QWAVEdrv - ok
14:03:08.0947 5908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:03:09.0010 5908 RasAcd - ok
14:03:09.0041 5908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:03:09.0103 5908 RasAgileVpn - ok
14:03:09.0134 5908 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
14:03:09.0212 5908 RasAuto - ok
14:03:09.0244 5908 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
14:03:09.0290 5908 Rasl2tp - ok
14:03:09.0306 5908 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
14:03:09.0337 5908 RasMan - ok
14:03:09.0368 5908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:03:09.0415 5908 RasPppoe - ok
14:03:09.0446 5908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:03:09.0509 5908 RasSstp - ok
14:03:09.0540 5908 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
14:03:09.0618 5908 rdbss - ok
14:03:09.0634 5908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
14:03:09.0649 5908 rdpbus - ok
14:03:09.0680 5908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:03:09.0727 5908 RDPCDD - ok
14:03:09.0727 5908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:03:09.0774 5908 RDPENCDD - ok
14:03:09.0790 5908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:03:09.0821 5908 RDPREFMP - ok
14:03:09.0836 5908 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
14:03:09.0883 5908 RDPWD - ok
14:03:09.0930 5908 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
14:03:09.0946 5908 rdyboost - ok
14:03:09.0961 5908 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
14:03:10.0024 5908 RemoteAccess - ok
14:03:10.0070 5908 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
14:03:10.0133 5908 RemoteRegistry - ok
14:03:10.0164 5908 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
14:03:10.0195 5908 RpcEptMapper - ok
14:03:10.0226 5908 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
14:03:10.0226 5908 RpcLocator - ok
14:03:10.0258 5908 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
14:03:10.0304 5908 RpcSs - ok
14:03:10.0336 5908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:03:10.0414 5908 rspndr - ok
14:03:10.0492 5908 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
14:03:10.0523 5908 RSUSBSTOR - ok
14:03:10.0538 5908 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys
14:03:10.0554 5908 RSUSBVSTOR - ok
14:03:10.0585 5908 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:03:10.0616 5908 SamSs - ok
14:03:10.0648 5908 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
14:03:10.0679 5908 sbp2port - ok
14:03:10.0726 5908 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
14:03:10.0804 5908 SCardSvr - ok
14:03:10.0804 5908 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
14:03:10.0866 5908 scfilter - ok
14:03:10.0913 5908 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
14:03:10.0975 5908 Schedule - ok
14:03:11.0006 5908 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
14:03:11.0084 5908 SCPolicySvc - ok
14:03:11.0116 5908 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
14:03:11.0178 5908 SDRSVC - ok
14:03:11.0303 5908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:03:11.0381 5908 secdrv - ok
14:03:11.0428 5908 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
14:03:11.0474 5908 seclogon - ok
14:03:11.0474 5908 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
14:03:11.0521 5908 SENS - ok
14:03:11.0552 5908 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
14:03:11.0584 5908 SensrSvc - ok
14:03:11.0630 5908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
14:03:11.0662 5908 Serenum - ok
14:03:11.0677 5908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
14:03:11.0708 5908 Serial - ok
14:03:11.0724 5908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
14:03:11.0755 5908 sermouse - ok
14:03:11.0802 5908 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
14:03:11.0896 5908 SessionEnv - ok
14:03:11.0896 5908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
14:03:11.0911 5908 sffdisk - ok
14:03:11.0942 5908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
14:03:11.0974 5908 sffp_mmc - ok
14:03:11.0974 5908 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
14:03:12.0020 5908 sffp_sd - ok
14:03:12.0020 5908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
14:03:12.0052 5908 sfloppy - ok
14:03:12.0098 5908 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
14:03:12.0161 5908 SharedAccess - ok
14:03:12.0208 5908 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
14:03:12.0301 5908 ShellHWDetection - ok
14:03:12.0332 5908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
14:03:12.0332 5908 SiSRaid2 - ok
14:03:12.0364 5908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
14:03:12.0379 5908 SiSRaid4 - ok
14:03:12.0395 5908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:03:12.0488 5908 Smb - ok
14:03:12.0535 5908 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
14:03:12.0566 5908 SNMPTRAP - ok
14:03:12.0566 5908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:03:12.0598 5908 spldr - ok
14:03:12.0629 5908 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
14:03:12.0691 5908 Spooler - ok
14:03:12.0847 5908 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
14:03:12.0956 5908 sppsvc - ok
14:03:13.0237 5908 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
14:03:13.0315 5908 sppuinotify - ok
14:03:13.0456 5908 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
14:03:13.0534 5908 srv - ok
14:03:13.0565 5908 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
14:03:13.0596 5908 srv2 - ok
14:03:13.0643 5908 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
14:03:13.0674 5908 SrvHsfHDA - ok
14:03:13.0768 5908 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
14:03:13.0846 5908 SrvHsfV92 - ok
14:03:14.0267 5908 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
14:03:14.0314 5908 SrvHsfWinac - ok
14:03:14.0345 5908 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
14:03:14.0376 5908 srvnet - ok
14:03:14.0407 5908 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
14:03:14.0501 5908 SSDPSRV - ok
14:03:14.0516 5908 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
14:03:14.0563 5908 SstpSvc - ok
14:03:14.0594 5908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
14:03:14.0610 5908 stexstor - ok
14:03:14.0657 5908 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
14:03:14.0719 5908 stisvc - ok
14:03:14.0719 5908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
14:03:14.0735 5908 swenum - ok
14:03:14.0797 5908 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
14:03:14.0860 5908 swprv - ok
14:03:14.0969 5908 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
14:03:15.0016 5908 SynTP - ok
14:03:15.0421 5908 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
14:03:15.0484 5908 SysMain - ok
14:03:15.0764 5908 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
14:03:15.0827 5908 TabletInputService - ok
14:03:15.0858 5908 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
14:03:15.0889 5908 TapiSrv - ok
14:03:15.0905 5908 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
14:03:15.0936 5908 TBS - ok
14:03:16.0154 5908 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
14:03:16.0232 5908 Tcpip - ok
14:03:16.0716 5908 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
14:03:16.0763 5908 TCPIP6 - ok
14:03:17.0153 5908 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
14:03:17.0231 5908 tcpipreg - ok
14:03:17.0278 5908 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
14:03:17.0293 5908 tdcmdpst - ok
14:03:17.0309 5908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:03:17.0340 5908 TDPIPE - ok
14:03:17.0371 5908 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
14:03:17.0418 5908 TDTCP - ok
14:03:17.0434 5908 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
14:03:17.0496 5908 tdx - ok
14:03:17.0527 5908 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
14:03:17.0543 5908 TermDD - ok
14:03:17.0574 5908 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
14:03:17.0636 5908 TermService - ok
14:03:17.0652 5908 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
14:03:17.0668 5908 Themes - ok
14:03:17.0699 5908 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
14:03:17.0761 5908 THREADORDER - ok
14:03:17.0839 5908 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:03:17.0870 5908 TMachInfo - ok
14:03:17.0917 5908 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
14:03:17.0948 5908 TODDSrv - ok
14:03:18.0042 5908 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:03:18.0089 5908 TosCoSrv - ok
14:03:18.0214 5908 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
14:03:18.0245 5908 TOSHIBA Bluetooth Service - ok
14:03:18.0307 5908 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:03:18.0338 5908 TOSHIBA eco Utility Service - ok
14:03:18.0432 5908 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:03:18.0448 5908 TOSHIBA HDD SSD Alert Service - ok
14:03:18.0838 5908 tosrfbd (09cf82c0068c7cff7e2b3797be7f5cc2) C:\windows\system32\DRIVERS\tosrfbd.sys
14:03:18.0869 5908 tosrfbd - ok
14:03:18.0884 5908 Tosrfcom - ok
14:03:18.0916 5908 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
14:03:18.0931 5908 tosrfec - ok
14:03:18.0978 5908 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
14:03:18.0994 5908 Tosrfusb - ok
14:03:19.0056 5908 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
14:03:19.0087 5908 tos_sps64 - ok
14:03:19.0181 5908 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
14:03:19.0243 5908 TPCHSrv - ok
14:03:19.0540 5908 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
14:03:19.0633 5908 TrkWks - ok
14:03:19.0696 5908 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
14:03:19.0774 5908 TrustedInstaller - ok
14:03:19.0867 5908 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
14:03:19.0961 5908 tssecsrv - ok
14:03:19.0992 5908 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
14:03:20.0008 5908 TsUsbFlt - ok
14:03:20.0008 5908 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
14:03:20.0039 5908 TsUsbGD - ok
14:03:20.0086 5908 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
14:03:20.0179 5908 tunnel - ok
14:03:20.0226 5908 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
14:03:20.0242 5908 TVALZ - ok
14:03:20.0273 5908 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
14:03:20.0288 5908 TVALZFL - ok
14:03:20.0335 5908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
14:03:20.0366 5908 uagp35 - ok
14:03:20.0398 5908 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
14:03:20.0476 5908 udfs - ok
14:03:20.0522 5908 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
14:03:20.0538 5908 UI0Detect - ok
14:03:20.0554 5908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
14:03:20.0569 5908 uliagpkx - ok
14:03:20.0585 5908 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
14:03:20.0600 5908 umbus - ok
14:03:20.0632 5908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
14:03:20.0663 5908 UmPass - ok
14:03:20.0928 5908 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:03:20.0990 5908 UNS - ok
14:03:21.0302 5908 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
14:03:21.0380 5908 upnphost - ok
14:03:21.0521 5908 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
14:03:21.0568 5908 usbccgp - ok
14:03:21.0583 5908 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
14:03:21.0614 5908 usbcir - ok
14:03:21.0646 5908 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
14:03:21.0661 5908 usbehci - ok
14:03:21.0708 5908 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
14:03:21.0755 5908 usbhub - ok
14:03:21.0770 5908 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
14:03:21.0802 5908 usbohci - ok
14:03:21.0817 5908 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
14:03:21.0864 5908 usbprint - ok
14:03:21.0880 5908 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:03:21.0926 5908 USBSTOR - ok
14:03:21.0958 5908 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
14:03:21.0989 5908 usbuhci - ok
14:03:22.0020 5908 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
14:03:22.0067 5908 usbvideo - ok
14:03:22.0098 5908 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
14:03:22.0160 5908 UxSms - ok
14:03:22.0176 5908 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
14:03:22.0207 5908 VaultSvc - ok
14:03:22.0254 5908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
14:03:22.0285 5908 vdrvroot - ok
14:03:22.0348 5908 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
14:03:22.0441 5908 vds - ok
14:03:22.0441 5908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:03:22.0457 5908 vga - ok
14:03:22.0457 5908 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:03:22.0504 5908 VgaSave - ok
14:03:22.0519 5908 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
14:03:22.0535 5908 vhdmp - ok
14:03:22.0566 5908 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
14:03:22.0582 5908 viaide - ok
14:03:22.0597 5908 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
14:03:22.0628 5908 volmgr - ok
14:03:22.0675 5908 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
14:03:22.0706 5908 volmgrx - ok
14:03:22.0722 5908 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
14:03:22.0753 5908 volsnap - ok
14:03:22.0816 5908 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
14:03:22.0847 5908 vsmraid - ok
14:03:22.0940 5908 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
14:03:23.0050 5908 VSS - ok
14:03:23.0424 5908 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:03:23.0455 5908 vwifibus - ok
14:03:23.0486 5908 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:03:23.0533 5908 vwififlt - ok
14:03:23.0611 5908 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
14:03:23.0689 5908 W32Time - ok
14:03:23.0720 5908 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
14:03:23.0752 5908 WacomPen - ok
14:03:23.0783 5908 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:03:23.0861 5908 WANARP - ok
14:03:23.0861 5908 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
14:03:23.0923 5908 Wanarpv6 - ok
14:03:24.0017 5908 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
14:03:24.0079 5908 WatAdminSvc - ok
14:03:24.0173 5908 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
14:03:24.0235 5908 wbengine - ok
14:03:24.0547 5908 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
14:03:24.0594 5908 WbioSrvc - ok
14:03:24.0610 5908 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
14:03:24.0672 5908 wcncsvc - ok
14:03:24.0688 5908 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
14:03:24.0734 5908 WcsPlugInService - ok
14:03:24.0859 5908 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
14:03:24.0890 5908 Wd - ok
14:03:24.0922 5908 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:03:24.0968 5908 Wdf01000 - ok
14:03:25.0000 5908 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
14:03:25.0093 5908 WdiServiceHost - ok
14:03:25.0093 5908 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
14:03:25.0124 5908 WdiSystemHost - ok
14:03:25.0171 5908 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
14:03:25.0234 5908 WebClient - ok
14:03:25.0265 5908 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
14:03:25.0327 5908 Wecsvc - ok
14:03:25.0343 5908 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
14:03:25.0374 5908 wercplsupport - ok
14:03:25.0421 5908 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
14:03:25.0514 5908 WerSvc - ok
14:03:25.0639 5908 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:03:25.0717 5908 WfpLwf - ok
14:03:25.0733 5908 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:03:25.0733 5908 WIMMount - ok
14:03:25.0795 5908 WinDefend - ok
14:03:25.0811 5908 WinHttpAutoProxySvc - ok
14:03:25.0951 5908 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
14:03:26.0029 5908 Winmgmt - ok
14:03:26.0138 5908 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
14:03:26.0248 5908 WinRM - ok
14:03:26.0575 5908 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
14:03:26.0653 5908 Wlansvc - ok
14:03:26.0747 5908 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:03:26.0762 5908 wlcrasvc - ok
14:03:26.0903 5908 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:03:26.0965 5908 wlidsvc - ok
14:03:27.0340 5908 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:03:27.0371 5908 WmiAcpi - ok
14:03:27.0527 5908 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
14:03:27.0558 5908 wmiApSrv - ok
14:03:27.0636 5908 WMPNetworkSvc - ok
14:03:27.0683 5908 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
14:03:27.0730 5908 WPCSvc - ok
14:03:27.0745 5908 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
14:03:27.0776 5908 WPDBusEnum - ok
14:03:27.0808 5908 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:03:27.0870 5908 ws2ifsl - ok
14:03:27.0886 5908 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
14:03:27.0917 5908 wscsvc - ok
14:03:27.0917 5908 WSearch - ok
14:03:28.0042 5908 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
14:03:28.0120 5908 wuauserv - ok
14:03:28.0494 5908 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
14:03:28.0603 5908 WudfPf - ok
14:03:28.0619 5908 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
14:03:28.0712 5908 WUDFRd - ok
14:03:28.0759 5908 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
14:03:28.0822 5908 wudfsvc - ok
14:03:28.0837 5908 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
14:03:28.0868 5908 WwanSvc - ok
14:03:28.0931 5908 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:03:29.0633 5908 \Device\Harddisk0\DR0 - ok
14:03:29.0664 5908 Boot (0x1200) (ef4e68f9ec02aabec2867b5de2945259) \Device\Harddisk0\DR0\Partition0
14:03:29.0664 5908 \Device\Harddisk0\DR0\Partition0 - ok
14:03:29.0664 5908 ============================================================
14:03:29.0664 5908 Scan finished
14:03:29.0664 5908 ============================================================
14:03:29.0695 0304 Detected object count: 1
14:03:29.0695 0304 Actual detected object count: 1
14:04:09.0257 0304 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
14:04:09.0257 0304 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

#7 Joyceschiffer1

Posted 27 June 2012 - 07:52 PM

I ran GMER as instructed, but after the scan (very long) I got a message box that said that it 'hasn't found any system modifications'. The main screen was empty, and when I pushed copy nothing appeared.

Here are the logs from OTL:

OTL logfile created on: 6/27/2012 2:12:27 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Joyce\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 73.87% Memory free
11.90 Gb Paging File | 10.20 Gb Available in Paging File | 85.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.62 Gb Total Space | 404.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: Joyce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 14:11:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce\Downloads\OTL (2).exe
PRC - [2012/04/16 13:36:01 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
PRC - [2011/07/19 05:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/07/19 05:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2010/12/20 15:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 15:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/06/04 13:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/01 08:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 18:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 06:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 11:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 11:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/23 08:02:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/19 05:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/19 05:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/11 14:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/01 14:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/12/20 15:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 15:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 07:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/31 09:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/08 14:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/07/07 12:02:00 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/05/20 06:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 08:03:00 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011/02/08 16:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 16:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 12:27:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/12/17 16:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/01 13:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/20 17:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 17:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 09:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/18 11:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/14 22:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/18 13:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/30 17:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 12:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 12:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 16:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 10:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0AFB508D-692E-4284-A223-F16CD6262481}
IE:64bit: - HKLM\..\SearchScopes\{0AFB508D-692E-4284-A223-F16CD6262481}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0AFB508D-692E-4284-A223-F16CD6262481}
IE - HKLM\..\SearchScopes\{0AFB508D-692E-4284-A223-F16CD6262481}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3196716
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {4BBCB661-490B-4B73-9F25-4084943E3DA1}
IE - HKCU\..\SearchScopes\{0AFB508D-692E-4284-A223-F16CD6262481}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKCU\..\SearchScopes\{3A362049-F5FA-4113-ABEC-BC645154FB6F}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKCU\..\SearchScopes\{4BBCB661-490B-4B73-9F25-4084943E3DA1}: "URL" = http://www.google.co...1I7TSNP_enUS480
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 08:29:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/26 12:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/04/16 13:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/04/16 13:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joyce\AppData\Roaming\Mozilla\Extensions
[2012/04/25 17:19:19 | 000,564,731 | ---- | M] () (No name found) -- C:\USERS\JOYCE\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I6CMFF2T.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B772149-B9A1-4327-8159-3F3E9E61D3DA}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6D64AE0-9887-44F5-819C-D89219763887}: DhcpNameServer = 50.50.0.50
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 14:04:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/27 14:00:47 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joyce\Desktop\tdsskiller.exe
[2012/06/27 13:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/06/27 13:31:22 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Local\Conduit
[2012/06/27 13:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2012/06/26 08:04:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joyce\Desktop\dds.com
[2012/06/24 17:15:22 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Roaming\Malwarebytes
[2012/06/24 17:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/24 17:15:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/24 17:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/24 17:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/24 06:32:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/24 06:32:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/24 06:32:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/24 06:32:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/24 06:32:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/24 06:32:17 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/24 06:32:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/24 06:32:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/17 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Local\Diagnostics
[2012/06/13 07:26:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/06/13 07:26:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/06/13 07:26:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/06/13 07:26:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/06/13 07:26:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/06/13 07:26:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/06/13 07:26:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/06/13 07:26:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/06/13 07:26:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/06/13 07:26:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/06/13 07:26:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/06/13 07:26:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/06/13 07:26:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/06/12 11:38:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/06/12 11:38:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/12 11:38:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/06/12 11:38:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/06/12 11:38:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/06/12 11:38:15 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/06/12 11:38:14 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/06/12 11:38:08 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/12 11:38:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/06/11 08:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/07 19:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Book Place
[2012/06/07 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Local\Kjs.AppLife.Update
[2012/06/07 19:18:21 | 000,000,000 | ---D | C] -- C:\Users\Joyce\Documents\Book Place
[2012/06/07 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Roaming\Book Place
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 14:00:50 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joyce\Desktop\tdsskiller.exe
[2012/06/27 13:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 13:58:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 13:58:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 13:55:18 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/27 13:55:18 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/27 13:55:18 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/27 13:51:17 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 13:51:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/27 13:50:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 13:31:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 05:59:13 | 100,746,374 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/06/26 08:04:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joyce\Desktop\dds.com
[2012/06/25 18:50:53 | 000,263,267 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/24 19:13:44 | 000,001,579 | ---- | M] () -- C:\Users\Joyce\Desktop\Hearts - Shortcut.lnk
[2012/06/24 18:33:55 | 000,001,593 | ---- | M] () -- C:\Users\Joyce\Desktop\Mozilla.lnk
[2012/06/24 18:33:08 | 000,001,689 | ---- | M] () -- C:\Users\Joyce\Desktop\Word.lnk
[2012/06/24 18:32:49 | 000,001,700 | ---- | M] () -- C:\Users\Joyce\Desktop\POWERPNT - Shortcut.lnk
[2012/06/24 18:32:03 | 000,001,669 | ---- | M] () -- C:\Users\Joyce\Desktop\Excel.lnk
[2012/06/24 17:15:16 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 17:05:38 | 000,000,152 | ---- | M] () -- C:\ProgramData\-0UsElvON0Pc1Bcr
[2012/06/24 17:05:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\-0UsElvON0Pc1Bc
[2012/06/24 17:05:36 | 000,000,690 | ---- | M] () -- C:\Users\Joyce\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/24 17:05:33 | 000,000,256 | ---- | M] () -- C:\ProgramData\0UsElvON0Pc1Bc
[2012/06/23 08:02:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 08:02:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/20 11:38:23 | 029,725,628 | ---- | M] () -- C:\Users\Joyce\Documents\Thunderbird 12.0.1 (en-US) - 2012-06-20.pcv
[2012/06/13 09:01:01 | 000,341,296 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/11 08:29:20 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/10 06:16:52 | 000,773,050 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/02 12:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/02 12:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/02 12:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/02 12:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/02 12:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/02 12:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 13:42:25 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/06/27 13:42:25 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/27 13:42:25 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/06/27 13:42:25 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/27 13:42:25 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/27 13:42:25 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/06/27 13:42:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/27 13:42:25 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/27 13:42:25 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/06/27 13:42:25 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/06/27 13:42:25 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012/06/27 13:42:25 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/27 13:42:24 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/06/27 13:42:24 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/06/27 13:42:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/06/27 13:42:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/27 13:42:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/27 13:42:22 | 000,001,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
[2012/06/24 19:13:44 | 000,001,579 | ---- | C] () -- C:\Users\Joyce\Desktop\Hearts - Shortcut.lnk
[2012/06/24 18:33:55 | 000,001,593 | ---- | C] () -- C:\Users\Joyce\Desktop\Mozilla.lnk
[2012/06/24 18:33:08 | 000,001,689 | ---- | C] () -- C:\Users\Joyce\Desktop\Word.lnk
[2012/06/24 18:32:49 | 000,001,700 | ---- | C] () -- C:\Users\Joyce\Desktop\POWERPNT - Shortcut.lnk
[2012/06/24 18:32:03 | 000,001,669 | ---- | C] () -- C:\Users\Joyce\Desktop\Excel.lnk
[2012/06/24 17:15:16 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 17:05:38 | 000,000,152 | ---- | C] () -- C:\ProgramData\-0UsElvON0Pc1Bcr
[2012/06/24 17:05:37 | 000,000,000 | ---- | C] () -- C:\ProgramData\-0UsElvON0Pc1Bc
[2012/06/24 17:05:36 | 000,000,690 | ---- | C] () -- C:\Users\Joyce\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/24 17:05:33 | 000,000,256 | ---- | C] () -- C:\ProgramData\0UsElvON0Pc1Bc
[2012/06/20 11:38:06 | 029,725,628 | ---- | C] () -- C:\Users\Joyce\Documents\Thunderbird 12.0.1 (en-US) - 2012-06-20.pcv
[2012/06/07 19:29:13 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/31 09:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/08/31 09:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 09:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/08/31 09:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/31 09:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/03 16:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/04/16 12:45:21 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\AVG2012
[2012/06/07 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Book Place
[2012/04/16 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Thunderbird
[2012/04/18 07:11:20 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Tific
[2012/04/16 12:28:50 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Toshiba
[2012/04/16 12:20:54 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\WinBatch
[2009/07/13 19:08:49 | 000,021,658 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 6/27/2012 2:12:27 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Joyce\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 73.87% Memory free
11.90 Gb Paging File | 10.20 Gb Available in Paging File | 85.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.62 Gb Total Space | 404.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: Joyce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD08226-5C37-4DD1-976E-B98D08F4ABCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C1BDA28-7E2F-4EFD-AF48-05CB4F71CEE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DFF034E-1B3F-4E48-8944-806B508759AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FDBEAB0-72B9-4ACC-83DB-27B36BBA08B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{3395C4B1-87CA-4262-86EE-380DCDEE4452}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EBE1FFD-0110-493B-B313-A9D7EEF4C11E}" = rport=445 | protocol=6 | dir=out | app=system |
"{43AA7A29-D948-418A-880C-6F4E2ADB64E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{448B9F09-636C-4487-83AF-3F323465023C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45B5CDAD-7AAB-4EE9-BE36-BADF7196A92B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72AF5C45-0076-4822-91E0-9FE9FBB9108E}" = lport=137 | protocol=17 | dir=in | app=system |
"{74FD300F-D2C7-4A97-BF33-6980BCF600B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{86EA9215-F541-4F12-A03A-7FDF86E139E4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96379E79-EDB3-4AD0-A348-6D9E479D04A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9D6B6896-E696-436C-A122-A7FF13975742}" = lport=138 | protocol=17 | dir=in | app=system |
"{B1CBB235-06D5-44A7-A0E6-A021880620C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2AC192B-4D20-49C5-84B3-A576DCACEBAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0C7215F-7951-4D53-AD4D-6B3CC8E94A31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6B29912-2B19-48D1-AA5F-2EF98C2DFA23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8151D2C-C66D-43DF-8C8A-7F704B2C4875}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DAC149F3-71A3-4102-AA4D-30FACA3033E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E68BCF30-B7E5-43DC-AA12-9BDA298A86E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{ECE60CC3-9D67-4403-AF59-4E3C8C4BDA98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F44B56C4-B71A-4D94-BE9C-D6D80D16CDD3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F847AE1C-BBEF-4833-BA62-511E61E71342}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF7AC202-B0FA-43C1-A112-5BA874211943}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CEC340-2DA7-493C-BF96-1B03985FE5F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0858B167-102D-4EA3-B64C-3A7D5190F0FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A7B8878-E9EE-47BE-9923-54CF19C3A7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{112C8AF8-CD1A-4139-AD73-460BB2044705}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13D7EC2C-3F04-45D8-BB65-13EFBC8CC87F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18EF97D9-9E61-4429-89E9-08F830E9E38B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1A81A0EB-13FE-465A-B845-E59827742BA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{252CA925-BA77-4190-9839-B7C788A32C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{27D76825-DDBF-45D8-95FC-EC36FAD1E652}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{31BE9373-CE5C-4A1C-849A-69308F499D09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B594D25-93ED-4EFF-9A0F-B4D6316B000F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4689ECCE-7916-4500-B28A-7C38E3A9702C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4D1938BA-5096-4656-9453-E87BAE2831C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56750813-2DEB-431C-9BBF-2DC5534E51BD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{59F6AA48-809A-467A-82AB-740F7E4CAA79}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{787DA264-623B-4826-BC05-D3C56A16B71F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{799DF9E4-3766-4589-9C34-44E1F5B50446}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{902CA8DA-6381-4BCE-BBC0-D3586F1C073F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{93B4E719-AE66-4853-B083-A07A414B8EBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{945E1027-428D-423D-90B6-495CC42AF4AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97C9FCD5-ED4A-4A8F-A29A-34C07ADB3409}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B88AFCD-7DF6-445C-9C34-5F5F3653E3A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C454FCB-4433-40D2-BC26-7FFF5E2EB0C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A790E0A4-85F5-4396-86A6-C84509C8C2BF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7DBBE3D-69BC-491C-8E40-2ECD1620E021}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A7DC7ADA-557E-4D2B-B4DC-ABABC38108FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A812DBE1-F473-4874-9CD2-A88DD9986FDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8CCD001-9EBA-4540-9AA6-6B8FFE00ED48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE959908-7F14-4426-8C6E-783F808E41B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C9E4C857-2AE9-4315-AB69-B22A124CDE5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDE32480-BFE6-44D1-9DFD-C77F31DFF078}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D294B24A-7243-4335-B9DC-B8A5F8305812}" = protocol=6 | dir=out | app=system |
"{D853A78D-93E5-488C-9795-97AF9DEDEB11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{D86DC020-064F-4962-8A29-50E903CD4210}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{DF08559A-CC73-4E64-8643-E74F605A6006}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E24E2DBB-6EF2-4D35-A74B-DC054B60FFA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E76712C1-CDC8-46A0-9DA0-8761F3C5E9D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3EE523C-6CDB-4421-99C8-71DF7BCFEEEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"AVG" = AVG 2012
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MozBackup" = MozBackup 1.5.1
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WiseConvert Toolbar" = WiseConvert Toolbar
"WTA-05a36915-ab0b-4afb-91f4-85c38665ca8a" = Polar Bowler
"WTA-14f835bc-c0d2-4206-ab27-88e1661322a9" = Plants vs. Zombies - Game of the Year
"WTA-274138f0-21fd-4e6f-8a2b-6e3018c67a30" = Zuma's Revenge
"WTA-43378099-d046-4cdc-a852-6fac76352101" = RollerCoaster Tycoon 3: Platinum
"WTA-4d3db7cc-9fa7-4f89-b360-7baa7eecaed5" = Bejeweled 3
"WTA-4de2cb34-3477-4d28-980f-a2bb3004cf1b" = Letters from Nowhere 2
"WTA-aabc3804-6e0b-47ed-89c9-0f18583fbd03" = Tales of Lagoona
"WTA-bd43cf5c-c367-41ab-b1ff-ca18fd300e31" = FATE - The Traitor Soul
"WTA-c25213e7-7df6-4e91-a1f5-85b340f4f8e1" = Virtual Villagers 4 - The Tree of Life
"WTA-e57f0014-a6e8-45fe-941a-d03413c3f943" = Penguins!

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2012 1:07:47 AM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

Error - 6/11/2012 12:21:39 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/11/2012 12:22:35 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 6/12/2012 1:35:29 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/12/2012 1:36:23 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2012 1:22:53 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/13/2012 1:23:47 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.


< End of report >

#8 Joyceschiffer1


Posted 27 June 2012 - 07:58 PM

Last but not least, the results of Security Check:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 25
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Thunderbird (12.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


I cannot thank you enough! Joyce

#9 Maurice Naggar


Posted 28 June 2012 - 07:33 AM

Joyce,
You are very welcome. I am very glad to see you have made good headway. The real genius is Grinler at BC.
You are over the main hurdle. Now some additional checks to see if there are remnants of the rogue malware.

MBAM run
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Next
You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member joyceschiffer1 only. If you are a casual viewer, do NOT try this on your system!
If you are not joyce and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.


A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Next
RE-Enable your antivirus program.

Java maintenance
Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Reply with a copy of the C:\Combofix.txt log and the MBAM scan log for review.

Edited by Maurice Naggar, 28 June 2012 - 07:35 AM.

Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.

#10 Joyceschiffer1


Posted 28 June 2012 - 07:39 PM

Here is the MBAM scan log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.28.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joyce :: JOYCE-PC [administrator]
6/28/2012 1:26:57 PM
mbam-log-2012-06-28 (13-26-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211116
Time elapsed: 2 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

And the Combofix log:

ComboFix 12-06-28.03 - Joyce 06/28/2012 13:35:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4513 [GMT -10:00]
Running from: c:\users\Joyce\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0UsElvON0Pc1Bc
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 00:23 . 2012-06-28 00:24 -------- d-----w- C:\ARK
2012-06-28 00:04 . 2012-06-28 00:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-27 23:31 . 2012-06-27 23:31 -------- d-----w- c:\program files (x86)\Conduit
2012-06-27 23:31 . 2012-06-27 23:31 -------- d-----w- c:\users\Joyce\AppData\Local\Conduit
2012-06-27 23:31 . 2012-06-27 23:35 -------- d-----w- c:\program files (x86)\WiseConvert
2012-06-25 03:15 . 2012-06-25 03:15 -------- d-----w- c:\users\Joyce\AppData\Roaming\Malwarebytes
2012-06-25 03:15 . 2012-06-25 03:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 03:15 . 2012-06-25 03:15 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 03:15 . 2012-04-05 01:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 16:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 16:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 16:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 16:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 16:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 16:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 16:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 16:32 . 2012-06-03 01:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 16:32 . 2012-06-03 01:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 04:13 . 2012-06-18 04:13 -------- d-----w- c:\users\Joyce\AppData\Local\Diagnostics
2012-06-12 21:38 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-08 05:31 . 2012-06-08 05:31 -------- d-----w- c:\programdata\Book Place
2012-06-08 05:30 . 2012-06-08 05:30 -------- d-----w- c:\users\Public\Book Place
2012-06-08 05:26 . 2012-06-08 05:31 -------- d-----w- c:\users\Joyce\AppData\Local\Kjs.AppLife.Update
2012-06-08 05:18 . 2012-06-08 05:31 -------- d-----w- c:\users\Joyce\AppData\Roaming\Book Place
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 18:02 . 2012-04-24 15:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 18:02 . 2011-11-03 06:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 14:50 . 2012-04-19 14:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-16 22:21 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:02]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 06:08]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 06:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-28 13:53:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 23:53
.
Pre-Run: 434,266,714,112 bytes free
Post-Run: 434,286,301,184 bytes free
.
- - End Of File - - 3D472CD158CC9DE043F5370B3FBC7850

I followed all the steps on removing the old version of Java and installing the new one. Worked perfectly and I can see that I have it installed, but when I went to the link to test it, it said that I did not have it. ????

Again, my thanks,
Joyce

#11 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 28 June 2012 - 09:20 PM

Joyce,
I suggest you do 1 online check and also re-run Security Check (which you already have).

Turn off your antivirus so that it does not interfere. Leave your firewall on.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click "Install ActiveX component".
Read the license agreement and click "Accept".
Click "Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics
When the scan completes, click the "I want to decide item by item" button.
For each item found, Select "Disinfect" and click "Next".
When done, click the "Show Report" button, then copy and paste the entire report into your next reply.

Re-enable your antivirus.

NEXT:
Re-run Security Check one more time. Copy & Paste the Checkup.txt into a reply also, for review.
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.

#12 Joyceschiffer1


Posted 29 June 2012 - 02:18 PM

Hi Maurice,

When I try to run the F-Secure Online Scanner, I freeze. I go to the main page and click on the lower right corner to download the online scanner. A window pops up saying it will download Java. The progress bar fills in a second, the estimated time remaining thing says 0 seconds, then nothing. I waited about 10 minutes but cannot do anything. Cursor moves, but I cannot close the button, or return to the F-Secure main page, or go to this tab. I do have my antivirus turned off.

Thanks,
Joyce

#13 Maurice Naggar


Posted 29 June 2012 - 03:01 PM

Let's do this then --- just one time.
Start Internet Explorer. Press the SHIFT+CTRL+Delete keys to bring up the IE dialog. Have it delete temporary files. Allow it & confirm to do that.

Then, again, just one time - - we can make sure your Java is current, by the following:
Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to the "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.


When all set, try the F-Secure scan just one time. Be sure you are using the Internet Explorer browser!

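An inventory check for the Java cleanup described in post #13, added here as an example and not part of the original thread: it lists every Java runtime registered under the 64-bit and 32-bit (Wow6432Node) Uninstall keys and flags anything older than a chosen minimum. The function name, the `$UninstallRoots` table and the `7.0.50` version string for Java 7 Update 5 are assumptions of this example.

```powershell
# Added example (not from the thread): list installed Java runtimes and flag old ones.
# Assumption: run from 64-bit PowerShell on 64-bit Windows, where the Wow6432Node
# branch of the Uninstall key holds the 32-bit installs.
$UninstallRoots = @(
    @{ Bitness = '64-bit'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' },
    @{ Bitness = '32-bit'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' }
)

function Get-JavaRuntimeInventory {
    param(
        # Assumption: Java 7 Update 5 registers DisplayVersion 7.0.50.
        [version]$MinimumVersion = '7.0.50'
    )

    foreach ($root in $UninstallRoots) {
        $bitness = $root.Bitness

        Get-ItemProperty -Path $root.Path -ErrorAction SilentlyContinue |
            Where-Object {
                # Runtime entries only; skip JavaFX, the updater and unrelated products.
                $_.DisplayName -match 'Java|J2SE' -and
                $_.DisplayName -notmatch 'JavaFX|JavaScript|Auto Updater'
            } |
            ForEach-Object {
                $entry = $_

                # DisplayVersion is free text; anything unparseable is reported as Unknown.
                $installed = $null
                try { $installed = [version]$entry.DisplayVersion } catch { }

                if ($null -eq $installed)               { $status = 'Unknown' }
                elseif ($installed -lt $MinimumVersion) { $status = 'Outdated' }
                else                                    { $status = 'Current' }

                New-Object PSObject -Property @{
                    Name            = $entry.DisplayName
                    Version         = $entry.DisplayVersion
                    Bitness         = $bitness
                    Status          = $status
                    UninstallString = $entry.UninstallString
                } | Select-Object Name, Version, Bitness, Status, UninstallString
            }
    }
}

# Outdated and Unknown rows are the ones to review in Programs and Features.
Get-JavaRuntimeInventory | Sort-Object Status, Name | Format-Table -AutoSize -Wrap
```

More than one row with the same bitness means an older runtime was left behind by an update, which is the situation the removal steps above are meant to clear.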
#14 Joyceschiffer1


Posted 29 June 2012 - 08:12 PM

Having much better luck now. The Java install went fine and I verified that I have it. Here is the report from F-Secure; they didn't find anything. Will run Security Check again and post that.

Scanning Report

Friday, June 29, 2012 14:40:45 - 15:03:32


Computer name: JOYCE-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


No malware found



Statistics

Scanned:
  • Files: 133394
  • System: 5735
  • Not scanned: 172
Actions:
  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Files not scanned:


Options

Scanning engines:
Scanning options:
  • Scan all files
  • Use advanced heuristics


#15 Joyceschiffer1


Posted 29 June 2012 - 08:16 PM

Here is the Security Check log:
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Thunderbird (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

#16 Maurice Naggar


Posted 30 June 2012 - 10:22 AM

Joyce,
Very, very good.
We can wrap this up now. I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.
Advise me when you have completed the following cleanups.

The following few steps will remove tools we used.
We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),
put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Joyce\Desktop\ComboFix /uninstall
  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.

    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter
If the Combofix un-install has an issue, skip that step.

NEXT
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:
aswMBR.exe
GMER.exe
TDSSKILLER.exe
UNHIDE.exe
SecurityCheck.exe

You may go to Control Panel's Programs and Features >> locate F-Secure Online scan & select it, and right-click to uninstall (remove).
Close the applet when done. This will free up the space used by the scan utility.

Safer practices

We are finished here. Best regards.

Edited by Maurice Naggar, 30 June 2012 - 10:24 AM.


#17 Joyceschiffer1


Posted 30 June 2012 - 02:09 PM

Hi Maurice, Glad I was a good student, you are a wonderful instructor!

The removal of Combofix and OTC went perfectly. I don't see F-Secure in my Control Panel - Programs and Features list though.

We have paid for the upgraded Malwarebytes program and will be using it in the future.

Thank you so very much for all your help. Is there a way that I can pay you for your service? We have very limited resources on this island for computer help and you really saved me lots of time, money and aggravation!

Aloha,
Joyce

#18 Maurice Naggar


Posted 01 July 2012 - 09:55 AM

Aloha, Joyce.

Good going. You'll be well served by MBAM Pro. Congratulations.
My help is free. If you wish, you may consider donating to your favorite charity.

Wish you the best. Stay safe. I am closing this topic.

For casual readers: The specific fixes used here were only for this system, and not to be applied to another system.



