Everything posted by rkearns10

  1. Elise, there seem to be no remains of the White Smoke. Thank you so much for your help. It is truly appreciated, and you are a master of your craft! Ryan
  2. DDS (Ver_2011-06-23.01) - NTFSAMD64
     Internet Explorer: 8.0.7600.16385
     Run by kathy at 12:50:19 on 2011-12-02
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1861 [GMT -5:00]
     AV: AVG Anti-Virus Free *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     SP: AVG Anti-Virus Free *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  3. ComboFix 11-11-30.01 - kathy 11/30/2011 13:37:53.1.2 - x64 MINIMAL
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2760 [GMT -5:00]
     Running from: c:\users\kathy\Downloads\ComboFix.exe
     AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\searchplugins\bing-zugo.xml c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Updater Service for StartNow Toolbar -------\Service_Updater Service for StartNow Toolbar . . ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 ))))))))))))))))))))))))))))))) . . 2011-11-30 18:46 . 2011-11-30 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-30 15:07 . 2011-11-30 15:07 -------- d-----w- C:\AVGTemp 2011-11-10 08:00 . 2011-11-10 08:03 -------- d-----w- C:\26ac3780e75d7e64abd9bf38c36452 2011-11-09 17:56 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 17:55 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 03:21 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 03:21 . 
2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-07 17:32 . 2011-11-30 17:53 -------- d-----w- c:\users\kathy\AppData\Roaming\ZumoDrive 2011-11-07 17:32 . 2011-11-07 17:32 -------- d-----w- c:\program files (x86)\Zecter 2011-11-07 17:32 . 2010-12-18 01:40 191960 ----a-w- c:\windows\system32\drivers\cbfs64.sys 2011-11-05 20:12 . 2011-11-05 20:13 -------- d-----w- c:\program files\iTunes 2011-11-05 20:12 . 2011-11-05 20:12 -------- d-----w- c:\program files\iPod 2011-11-05 20:09 . 2011-11-05 20:09 -------- d-----w- c:\program files\Bonjour 2011-11-05 20:09 . 2011-11-05 20:09 -------- d-----w- c:\program files (x86)\Bonjour 2011-11-05 20:02 . 2011-11-05 20:02 -------- d-----w- c:\program files (x86)\Apple Software Update . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-10-01 03:21 . 2011-10-16 00:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-01 02:59 . 2011-10-16 00:11 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-11-25 2463048] . [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-11-25 13:49 2463048 ----a-w- c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-11-25 2463048] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408] "Facebook Update"="c:\users\kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-23 137536] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] "ZumoDrive"="c:\program files (x86)\Zecter\ZumoDrive\ZumoLauncher.lnk" [2011-11-07 2002] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-03-14 2071904] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752] "BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" [2010-08-09 286720] "Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2010-08-10 3824056] "SNM"="c:\program files (x86)\SpyNoMore\SNM.exe" [2010-07-12 1067984] "APSDaemon"="c:\program files 
(x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 135664] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-11-25 517448] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 135664] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] R3 
ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x] S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x] S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x] S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-08-12 921952] S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-08-12 308136] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688] S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 MotoConnect 
Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-11-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4095411527-2750447053-1821409276-1000Core.job - c:\users\kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 00:12] . 2011-11-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4095411527-2750447053-1821409276-1000UA.job - c:\users\kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 00:12] . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 02:02] . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 02:02] . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095411527-2750447053-1821409276-1000Core.job - c:\users\kathy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 03:12] . 
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095411527-2750447053-1821409276-1000UA.job - c:\users\kathy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 03:12] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] "combofix"="c:\combofix\CF29163.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\avgrssta.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm Trusted Zone: plexus-online.com\www TCP: DhcpNameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13 FF - prefs.js: keyword.URL - 
hxxp://search.avg.com/route/?d=4c6482e0&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG9\Firefox FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com FF - Ext: WhiteSmoke Bar Community Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - %profile%\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} FF - Ext: XULRunner: {454095BA-1EF6-4B91-845F-D802858155E4} - c:\users\kathy\AppData\Local\{454095BA-1EF6-4B91-845F-D802858155E4} . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe Toolbar-Locked - (no file) HKLM-Run-(Default) - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe AddRemove-AC3Filter - c:\users\kathy\Desktop\AC3Filter\uninstall.exe AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\AVG\AVG9\avgcsrvx.exe c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe . ************************************************************************** . Completion time: 2011-11-30 13:55:48 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-30 18:55 . Pre-Run: 148,534,087,680 bytes free Post-Run: 148,863,025,152 bytes free . - - End Of File - - 5CB6237F46619AB0691720248E1E5256
  4. Elise, I am having trouble temporarily disabling my AVG software. I have searched Google for quite some time and most websites give an external link through the AVG site with a blank, non-loading page. Any suggestions? Should I just remove AVG completely? Also, by Anti-Spyware, I assume you mean Malwarebytes Anti-Malware, is this correct?
  5. Elise, After running the Root kit tool, there are no malicious or suspicious files found... On another note, however, I attempted to uninstall Norton Internet Security (as this is what I found when searching Symantec and Symantec came up under the Company) and it will not let me uninstall. I have not attempted to uninstall AVG as I have read that AVG is preferable security over Symantec. Is this inability to uninstall Symantec due to a deeper problem in my computer? Or does it simply require a different method to uninstall?
  6. Elise, Thank You so much for your help! . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by kathy at 14:52:02 on 2011-11-29 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1067 [GMT -5:00] . AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\Program Files (x86)\AVG\AVG9\avgchsva.exe C:\Program Files (x86)\AVG\AVG9\avgrsa.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\atieclxx.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe C:\windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe 
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\AVG\AVG9\avgemc.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Zecter\ZumoDrive\zumodrive.exe C:\windows\system32\conhost.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files 
(x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\windows\system32\conhost.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe C:\windows\system32\conhost.exe C:\windows\system32\wuauclt.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\rundll32.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\kathy\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA uInternet Settings,ProxyOverride = <local>;*.local uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll BHO: AVG Security Toolbar BHO: 
{a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [ormaxecwns.exe] "C:\Users\kathy\AppData\Local\Temp\ormaxecwns.exe" uRun: [Google Update] "C:\Users\kathy\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Facebook Update] "C:\Users\kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe uRun: [ZumoDrive] C:\Program Files (x86)\Zecter\ZumoDrive\ZumoLauncher.lnk mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: 
[ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [babylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I mRun: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart mRun: [sNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup mRun: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: plexus-online.com\www DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{07DA6C1E-550B-4FCF-8A40-61061DC4E70A} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4802198E-745B-4850-9D80-85623D260397} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4802198E-745B-4850-9D80-85623D260397}\2375942554031303 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{4802198E-745B-4850-9D80-85623D260397}\2456C6B696E6E233633453 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4802198E-745B-4850-9D80-85623D260397}\D47453E403 : DhcpNameServer = 
192.168.1.1 68.237.161.12 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll BHO-X64: Babylon toolbar helper - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO-X64: StartNow Toolbar Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Babylon IE plugin: 
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll BHO-X64: Babylon IE plugin - No File BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [babylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I mRun-x64: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart mRun-x64: [sNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup mRun-x64: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6482e0&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: C:\Users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko5.dll FF - component: C:\Users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko6.dll FF - component: C:\Users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko7.dll FF - component: C:\Users\kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ag8gfmid.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files 
(x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\kathy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\kathy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com FF - Ext: WhiteSmoke Bar Community Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - %profile%\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} FF - Ext: XULRunner: {454095BA-1EF6-4B91-845F-D802858155E4} - C:\Users\kathy\AppData\Local\{454095BA-1EF6-4B91-845F-D802858155E4} . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?] 
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS [?] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?] R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\windows\system32\Drivers\avgldx64.sys --> C:\windows\system32\Drivers\avgldx64.sys [?] R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\windows\system32\Drivers\avgmfx64.sys --> C:\windows\system32\Drivers\avgmfx64.sys [?] R1 AvgTdiA;AVG Free Network Redirector x64;C:\windows\system32\Drivers\avgtdia.sys --> C:\windows\system32\Drivers\avgtdia.sys [?] R1 CbFs;CbFs;\??\C:\windows\system32\drivers\cbfs64.sys --> C:\windows\system32\drivers\cbfs64.sys [?] R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys --> C:\windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100528.003\IDSviA64.sys [2010-5-28 463408] R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS [?] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS --> C:\windows\system32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?] 
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-8-12 921952] R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-12 308136] R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688] R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368] R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448] R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-22 91456] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2010-5-26 126392] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?] R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?] 
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-1-13 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys [2010-4-29 678448] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-23 135664] S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-26 517448] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-23 135664] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112] S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys --> C:\windows\system32\DRIVERS\motccgp.sys [?] 
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys --> C:\windows\system32\DRIVERS\motccgpfl.sys [?] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-11-10 08:00:48 -------- d-----w- C:\26ac3780e75d7e64abd9bf38c36452 2011-11-09 17:56:17 1897328 ----a-w- C:\windows\System32\drivers\tcpip.sys 2011-11-09 17:55:59 3141120 ----a-w- C:\windows\System32\win32k.sys 2011-11-09 03:21:43 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-09 03:21:43 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-11-07 17:32:28 -------- d-----w- C:\Users\kathy\AppData\Roaming\ZumoDrive 2011-11-07 17:32:18 191960 ----a-w- C:\windows\System32\drivers\cbfs64.sys 2011-11-07 17:32:18 -------- d-----w- C:\Program Files (x86)\Zecter 2011-11-05 20:12:28 -------- d-----w- C:\Program Files\iTunes 2011-11-05 20:12:28 -------- d-----w- C:\Program Files\iPod 2011-11-05 20:09:21 -------- d-----w- C:\Program Files\Bonjour 2011-11-05 20:09:21 -------- d-----w- C:\Program Files (x86)\Bonjour . ==================== Find3M ==================== . 2011-10-24 18:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 18:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts 2011-10-01 03:21:20 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2011-10-01 02:59:14 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-08-31 21:00:50 25416 ----a-w- C:\windows\System32\drivers\mbam.sys . 
============= FINISH: 14:53:50.69 ===============
  7. Hello all, Just wanted to give a shout-out and say hello, as this is my first post in the forum. Unfortunately, I have come down with a case of the Whitesmoke toolbar blues. This thing has just been absolutely slowing down my PC to all hell and I can't get rid of it. I've tried uninstalling it and running several Malwarebytes Anti-Malware sweeps to detect a problem, but it just won't go away. Help, please. Thanks!