Joyceschiffer1
Hi Maurice, Glad I was a good student, you are a wonderful instructor! The removal of Combofix and OTC went perfectly. I don't see F-Secure in my Control Panel - Programs and Features list though. We have paid for the upgraded Malwarebytes program and will be using it in the future. Thank you so very much for all your help. Is there a way that I can pay you for your service? We have very limited resources on this island for computer help and you really saved me lots of time, money and aggravation! Aloha, Joyce
-
Here is the Security Check log:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Thunderbird (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
-
Having much better luck now. The Java install went fine and I verified that I have it. Here is the report from F-Secure, they didn't find anything, will run Secure Check again and post that.

Scanning Report
Friday, June 29, 2012 14:40:45 - 15:03:32
Computer name: JOYCE-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
No malware found

Statistics
Scanned:
Files: 133394
System: 5735
Not scanned: 172
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Options
Scanning engines:
Scanning options:
Scan all files
Use advanced heuristics
-
Hi Maurice, When I try to run the F-Secure Online Scanner, I freeze. I go to the main page, click on the lower right corner to download the online scanner. A window pops up saying it will download Java. The progress bar fills in a second, the estimated time remaining thing says 0 seconds, then nothing. I waited about 10 minutes but cannot do anything. Cursor moves, but I cannot close the button, or return to the F-Secure main page, or go to this tab. I do have my antivirus turned off. Thanks, Joyce
-
Here is the MBAM scan log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joyce :: JOYCE-PC [administrator]

6/28/2012 1:26:57 PM
mbam-log-2012-06-28 (13-26-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211116
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the Combofix log:

I followed all the steps on removing the old version of Java and installing the new one. Worked perfectly and I can see that I have it installed, but when I went to the link to test it, it said that I did not have it. ???? Again, my thanks, Joyce
-
Last but not least, the results of Security Check:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java 6 Update 25
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Thunderbird (12.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

I cannot thank you enough! Joyce
-
I ran GMER as instructed, but after the scan (very long) I got a message box that said that it 'hasn't found any system modifications'. The main screen was empty, and when I pushed copy nothing appeared. Here are the logs from OTL:
(Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/06/13 07:26:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/06/13 07:26:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/06/12 11:38:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll [2012/06/12 11:38:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll [2012/06/12 11:38:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe [2012/06/12 11:38:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2012/06/12 11:38:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2012/06/12 11:38:15 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2012/06/12 11:38:14 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll [2012/06/12 11:38:08 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2012/06/12 11:38:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll [2012/06/11 08:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/06/07 19:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Book Place [2012/06/07 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Local\Kjs.AppLife.Update [2012/06/07 19:18:21 | 000,000,000 | ---D | C] -- C:\Users\Joyce\Documents\Book Place [2012/06/07 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Roaming\Book Place [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/27 14:00:50 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joyce\Desktop\tdsskiller.exe [2012/06/27 13:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash 
Player Updater.job [2012/06/27 13:58:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/27 13:58:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/27 13:55:18 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/27 13:55:18 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/27 13:55:18 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/27 13:51:17 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/27 13:51:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/27 13:50:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012/06/27 13:31:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/27 05:59:13 | 100,746,374 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm [2012/06/26 08:04:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joyce\Desktop\dds.com [2012/06/25 18:50:53 | 000,263,267 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/24 19:13:44 | 000,001,579 | ---- | M] () -- C:\Users\Joyce\Desktop\Hearts - Shortcut.lnk [2012/06/24 18:33:55 | 000,001,593 | ---- | M] () -- C:\Users\Joyce\Desktop\Mozilla.lnk [2012/06/24 18:33:08 | 000,001,689 | ---- | M] () -- C:\Users\Joyce\Desktop\Word.lnk [2012/06/24 18:32:49 | 000,001,700 | ---- | M] () -- C:\Users\Joyce\Desktop\POWERPNT - Shortcut.lnk [2012/06/24 18:32:03 | 000,001,669 | ---- | M] () -- C:\Users\Joyce\Desktop\Excel.lnk [2012/06/24 17:15:16 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/24 17:05:38 | 000,000,152 | ---- | M] () -- C:\ProgramData\-0UsElvON0Pc1Bcr [2012/06/24 17:05:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\-0UsElvON0Pc1Bc [2012/06/24 17:05:36 | 000,000,690 
| ---- | M] () -- C:\Users\Joyce\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk [2012/06/24 17:05:33 | 000,000,256 | ---- | M] () -- C:\ProgramData\0UsElvON0Pc1Bc [2012/06/23 08:02:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/06/23 08:02:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/06/20 11:38:23 | 029,725,628 | ---- | M] () -- C:\Users\Joyce\Documents\Thunderbird 12.0.1 (en-US) - 2012-06-20.pcv [2012/06/13 09:01:01 | 000,341,296 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/11 08:29:20 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/06/10 06:16:52 | 000,773,050 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe [2012/06/02 12:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll [2012/06/02 12:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe [2012/06/02 12:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll [2012/06/02 12:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll [2012/06/02 12:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll [2012/06/02 12:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/27 13:42:25 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012/06/27 13:42:25 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk 
[2012/06/27 13:42:25 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012/06/27 13:42:25 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012/06/27 13:42:25 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012/06/27 13:42:25 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012/06/27 13:42:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012/06/27 13:42:25 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012/06/27 13:42:25 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012/06/27 13:42:25 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012/06/27 13:42:25 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012/06/27 13:42:25 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/06/27 13:42:24 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012/06/27 13:42:24 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012/06/27 13:42:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012/06/27 13:42:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/06/27 13:42:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/06/27 13:42:22 | 000,001,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk [2012/06/24 
19:13:44 | 000,001,579 | ---- | C] () -- C:\Users\Joyce\Desktop\Hearts - Shortcut.lnk [2012/06/24 18:33:55 | 000,001,593 | ---- | C] () -- C:\Users\Joyce\Desktop\Mozilla.lnk [2012/06/24 18:33:08 | 000,001,689 | ---- | C] () -- C:\Users\Joyce\Desktop\Word.lnk [2012/06/24 18:32:49 | 000,001,700 | ---- | C] () -- C:\Users\Joyce\Desktop\POWERPNT - Shortcut.lnk [2012/06/24 18:32:03 | 000,001,669 | ---- | C] () -- C:\Users\Joyce\Desktop\Excel.lnk [2012/06/24 17:15:16 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/24 17:05:38 | 000,000,152 | ---- | C] () -- C:\ProgramData\-0UsElvON0Pc1Bcr [2012/06/24 17:05:37 | 000,000,000 | ---- | C] () -- C:\ProgramData\-0UsElvON0Pc1Bc [2012/06/24 17:05:36 | 000,000,690 | ---- | C] () -- C:\Users\Joyce\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk [2012/06/24 17:05:33 | 000,000,256 | ---- | C] () -- C:\ProgramData\0UsElvON0Pc1Bc [2012/06/20 11:38:06 | 029,725,628 | ---- | C] () -- C:\Users\Joyce\Documents\Thunderbird 12.0.1 (en-US) - 2012-06-20.pcv [2012/06/07 19:29:13 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/08/31 09:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/08/31 09:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/08/31 09:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/08/31 09:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2011/08/31 09:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2011/02/03 16:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== LOP Check ========== [2012/04/16 12:45:21 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\AVG2012 [2012/06/07 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Book Place [2012/04/16 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Thunderbird 
[2012/04/18 07:11:20 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Tific
[2012/04/16 12:28:50 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Toshiba
[2012/04/16 12:20:54 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\WinBatch
[2009/07/13 19:08:49 | 000,021,658 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 6/27/2012 2:12:27 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Joyce\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 73.87% Memory free
11.90 Gb Paging File | 10.20 Gb Available in Paging File | 85.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.62 Gb Total Space | 404.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
Computer Name: JOYCE-PC | User Name: Joyce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD08226-5C37-4DD1-976E-B98D08F4ABCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C1BDA28-7E2F-4EFD-AF48-05CB4F71CEE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DFF034E-1B3F-4E48-8944-806B508759AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FDBEAB0-72B9-4ACC-83DB-27B36BBA08B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{3395C4B1-87CA-4262-86EE-380DCDEE4452}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EBE1FFD-0110-493B-B313-A9D7EEF4C11E}" = rport=445 | protocol=6 | dir=out | app=system |
"{43AA7A29-D948-418A-880C-6F4E2ADB64E2}" = lport=139 | protocol=6 | dir=in | app=system | "{448B9F09-636C-4487-83AF-3F323465023C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45B5CDAD-7AAB-4EE9-BE36-BADF7196A92B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72AF5C45-0076-4822-91E0-9FE9FBB9108E}" = lport=137 | protocol=17 | dir=in | app=system | "{74FD300F-D2C7-4A97-BF33-6980BCF600B1}" = rport=137 | protocol=17 | dir=out | app=system | "{86EA9215-F541-4F12-A03A-7FDF86E139E4}" = lport=2869 | protocol=6 | dir=in | app=system | "{96379E79-EDB3-4AD0-A348-6D9E479D04A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9D6B6896-E696-436C-A122-A7FF13975742}" = lport=138 | protocol=17 | dir=in | app=system | "{B1CBB235-06D5-44A7-A0E6-A021880620C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B2AC192B-4D20-49C5-84B3-A576DCACEBAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0C7215F-7951-4D53-AD4D-6B3CC8E94A31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6B29912-2B19-48D1-AA5F-2EF98C2DFA23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D8151D2C-C66D-43DF-8C8A-7F704B2C4875}" = lport=10243 | protocol=6 | dir=in | app=system | "{DAC149F3-71A3-4102-AA4D-30FACA3033E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E68BCF30-B7E5-43DC-AA12-9BDA298A86E4}" = lport=445 | protocol=6 | dir=in | app=system | "{ECE60CC3-9D67-4403-AF59-4E3C8C4BDA98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F44B56C4-B71A-4D94-BE9C-D6D80D16CDD3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F847AE1C-BBEF-4833-BA62-511E61E71342}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF7AC202-B0FA-43C1-A112-5BA874211943}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CEC340-2DA7-493C-BF96-1B03985FE5F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0858B167-102D-4EA3-B64C-3A7D5190F0FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0A7B8878-E9EE-47BE-9923-54CF19C3A7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{112C8AF8-CD1A-4139-AD73-460BB2044705}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{13D7EC2C-3F04-45D8-BB65-13EFBC8CC87F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{18EF97D9-9E61-4429-89E9-08F830E9E38B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{1A81A0EB-13FE-465A-B845-E59827742BA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{252CA925-BA77-4190-9839-B7C788A32C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{27D76825-DDBF-45D8-95FC-EC36FAD1E652}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{31BE9373-CE5C-4A1C-849A-69308F499D09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B594D25-93ED-4EFF-9A0F-B4D6316B000F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4689ECCE-7916-4500-B28A-7C38E3A9702C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4D1938BA-5096-4656-9453-E87BAE2831C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{56750813-2DEB-431C-9BBF-2DC5534E51BD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{59F6AA48-809A-467A-82AB-740F7E4CAA79}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{787DA264-623B-4826-BC05-D3C56A16B71F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{799DF9E4-3766-4589-9C34-44E1F5B50446}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{902CA8DA-6381-4BCE-BBC0-D3586F1C073F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{93B4E719-AE66-4853-B083-A07A414B8EBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{945E1027-428D-423D-90B6-495CC42AF4AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97C9FCD5-ED4A-4A8F-A29A-34C07ADB3409}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9B88AFCD-7DF6-445C-9C34-5F5F3653E3A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9C454FCB-4433-40D2-BC26-7FFF5E2EB0C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A790E0A4-85F5-4396-86A6-C84509C8C2BF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7DBBE3D-69BC-491C-8E40-2ECD1620E021}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{A7DC7ADA-557E-4D2B-B4DC-ABABC38108FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A812DBE1-F473-4874-9CD2-A88DD9986FDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A8CCD001-9EBA-4540-9AA6-6B8FFE00ED48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE959908-7F14-4426-8C6E-783F808E41B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C9E4C857-2AE9-4315-AB69-B22A124CDE5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CDE32480-BFE6-44D1-9DFD-C77F31DFF078}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D294B24A-7243-4335-B9DC-B8A5F8305812}" = protocol=6 | dir=out | app=system | "{D853A78D-93E5-488C-9795-97AF9DEDEB11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{D86DC020-064F-4962-8A29-50E903CD4210}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{DF08559A-CC73-4E64-8643-E74F605A6006}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E24E2DBB-6EF2-4D35-A74B-DC054B60FFA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{E76712C1-CDC8-46A0-9DA0-8761F3C5E9D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F3EE523C-6CDB-4421-99C8-71DF7BCFEEEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "AVG" = AVG 2012 "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics 
========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2012 1:07:47 AM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

Error - 6/11/2012 12:21:39 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/11/2012 12:22:35 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 6/12/2012 1:35:29 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/12/2012 1:36:23 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2012 1:22:53 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 6/13/2012 1:23:47 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state is 107.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state is 107.

< End of report >
-
Maurice! Here is the report from TDSSKILLER. The first screen that appeared after the scan showed one threat found. I wasn't sure what to do with it, so I put it in quarantine.
14:02:58.0728 5908 KtmRm - ok 14:02:58.0775 5908 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys 14:02:58.0775 5908 L1C - ok 14:02:58.0822 5908 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 14:02:58.0915 5908 LanmanServer - ok 14:02:58.0962 5908 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 14:02:59.0087 5908 LanmanWorkstation - ok 14:02:59.0134 5908 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 14:02:59.0212 5908 lltdio - ok 14:02:59.0243 5908 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 14:02:59.0352 5908 lltdsvc - ok 14:02:59.0368 5908 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 14:02:59.0415 5908 lmhosts - ok 14:02:59.0539 5908 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 14:02:59.0571 5908 LMS - ok 14:02:59.0633 5908 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 14:02:59.0664 5908 LSI_FC - ok 14:02:59.0680 5908 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 14:02:59.0695 5908 LSI_SAS - ok 14:02:59.0695 5908 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 14:02:59.0711 5908 LSI_SAS2 - ok 14:02:59.0727 5908 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 14:02:59.0742 5908 LSI_SCSI - ok 14:02:59.0773 5908 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 14:02:59.0836 5908 luafv - ok 14:02:59.0867 5908 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 14:02:59.0883 5908 Mcx2Svc - ok 14:02:59.0898 5908 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 14:02:59.0914 5908 megasas - ok 14:02:59.0945 5908 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) 
C:\windows\system32\drivers\MegaSR.sys 14:02:59.0961 5908 MegaSR - ok 14:03:00.0007 5908 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 14:03:00.0023 5908 MEIx64 - ok 14:03:00.0070 5908 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 14:03:00.0148 5908 MMCSS - ok 14:03:00.0179 5908 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 14:03:00.0257 5908 Modem - ok 14:03:00.0273 5908 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 14:03:00.0304 5908 monitor - ok 14:03:00.0319 5908 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 14:03:00.0335 5908 mouclass - ok 14:03:00.0351 5908 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys 14:03:00.0382 5908 mouhid - ok 14:03:00.0429 5908 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 14:03:00.0460 5908 mountmgr - ok 14:03:00.0475 5908 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 14:03:00.0491 5908 mpio - ok 14:03:00.0507 5908 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 14:03:00.0553 5908 mpsdrv - ok 14:03:00.0616 5908 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 14:03:00.0694 5908 MpsSvc - ok 14:03:00.0709 5908 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 14:03:00.0725 5908 MRxDAV - ok 14:03:00.0741 5908 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 14:03:00.0772 5908 mrxsmb - ok 14:03:00.0819 5908 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 14:03:00.0834 5908 mrxsmb10 - ok 14:03:00.0834 5908 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 14:03:00.0850 5908 mrxsmb20 - ok 14:03:00.0850 5908 msahci (c25f0bafa182cbca2dd3c851c2e75796) 
C:\windows\system32\DRIVERS\msahci.sys 14:03:00.0865 5908 msahci - ok 14:03:00.0865 5908 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 14:03:00.0881 5908 msdsm - ok 14:03:00.0912 5908 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 14:03:00.0928 5908 MSDTC - ok 14:03:00.0943 5908 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 14:03:00.0975 5908 Msfs - ok 14:03:00.0990 5908 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 14:03:01.0037 5908 mshidkmdf - ok 14:03:01.0037 5908 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 14:03:01.0037 5908 msisadrv - ok 14:03:01.0084 5908 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 14:03:01.0146 5908 MSiSCSI - ok 14:03:01.0146 5908 msiserver - ok 14:03:01.0193 5908 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 14:03:01.0271 5908 MSKSSRV - ok 14:03:01.0271 5908 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 14:03:01.0333 5908 MSPCLOCK - ok 14:03:01.0333 5908 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 14:03:01.0380 5908 MSPQM - ok 14:03:01.0411 5908 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 14:03:01.0458 5908 MsRPC - ok 14:03:01.0474 5908 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 14:03:01.0489 5908 mssmbios - ok 14:03:01.0521 5908 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 14:03:01.0599 5908 MSTEE - ok 14:03:01.0599 5908 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 14:03:01.0614 5908 MTConfig - ok 14:03:01.0614 5908 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 14:03:01.0630 5908 Mup - ok 14:03:01.0693 5908 napagent (582ac6d9873e31dfa28a4547270862dd) 
C:\windows\system32\qagentRT.dll 14:03:01.0802 5908 napagent - ok 14:03:01.0880 5908 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 14:03:01.0912 5908 NativeWifiP - ok 14:03:01.0974 5908 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 14:03:02.0021 5908 NDIS - ok 14:03:02.0052 5908 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 14:03:02.0083 5908 NdisCap - ok 14:03:02.0114 5908 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 14:03:02.0146 5908 NdisTapi - ok 14:03:02.0146 5908 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 14:03:02.0224 5908 Ndisuio - ok 14:03:02.0255 5908 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 14:03:02.0333 5908 NdisWan - ok 14:03:02.0364 5908 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 14:03:02.0395 5908 NDProxy - ok 14:03:02.0411 5908 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 14:03:02.0442 5908 NetBIOS - ok 14:03:02.0473 5908 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 14:03:02.0504 5908 NetBT - ok 14:03:02.0551 5908 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 14:03:02.0551 5908 Netlogon - ok 14:03:02.0582 5908 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 14:03:02.0645 5908 Netman - ok 14:03:02.0894 5908 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:03:02.0910 5908 NetMsmqActivator - ok 14:03:02.0941 5908 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:03:02.0957 5908 NetPipeActivator - ok 14:03:03.0004 5908 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 14:03:03.0066 5908 netprofm - ok 
14:03:03.0066 5908 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:03:03.0082 5908 NetTcpActivator - ok 14:03:03.0082 5908 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:03:03.0097 5908 NetTcpPortSharing - ok 14:03:03.0238 5908 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 14:03:03.0269 5908 nfrd960 - ok 14:03:03.0316 5908 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 14:03:03.0425 5908 NlaSvc - ok 14:03:03.0518 5908 Norton PC Checkup Application Launcher - ok 14:03:03.0565 5908 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 14:03:03.0643 5908 Npfs - ok 14:03:03.0690 5908 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 14:03:03.0768 5908 nsi - ok 14:03:03.0768 5908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 14:03:03.0830 5908 nsiproxy - ok 14:03:03.0908 5908 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 14:03:03.0986 5908 Ntfs - ok 14:03:04.0376 5908 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 14:03:04.0439 5908 Null - ok 14:03:04.0470 5908 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 14:03:04.0470 5908 nvraid - ok 14:03:04.0486 5908 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 14:03:04.0501 5908 nvstor - ok 14:03:04.0517 5908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 14:03:04.0532 5908 nv_agp - ok 14:03:04.0548 5908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 14:03:04.0564 5908 ohci1394 - ok 14:03:04.0720 5908 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:03:04.0735 5908 ose - ok 
14:03:05.0125 5908 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:03:05.0281 5908 osppsvc - ok 14:03:05.0578 5908 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 14:03:05.0624 5908 p2pimsvc - ok 14:03:05.0702 5908 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 14:03:05.0734 5908 p2psvc - ok 14:03:05.0843 5908 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 14:03:05.0874 5908 Parport - ok 14:03:05.0921 5908 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys 14:03:05.0936 5908 partmgr - ok 14:03:05.0968 5908 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 14:03:06.0030 5908 PcaSvc - ok 14:03:06.0139 5908 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe 14:03:06.0170 5908 PCCUJobMgr - ok 14:03:06.0217 5908 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 14:03:06.0248 5908 pci - ok 14:03:06.0264 5908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 14:03:06.0280 5908 pciide - ok 14:03:06.0311 5908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 14:03:06.0342 5908 pcmcia - ok 14:03:06.0358 5908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 14:03:06.0373 5908 pcw - ok 14:03:06.0420 5908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 14:03:06.0514 5908 PEAUTH - ok 14:03:06.0779 5908 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 14:03:06.0826 5908 PerfHost - ok 14:03:06.0872 5908 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys 14:03:06.0888 5908 PGEffect - ok 14:03:06.0982 5908 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 
14:03:07.0091 5908 pla - ok 14:03:07.0169 5908 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 14:03:07.0216 5908 PlugPlay - ok 14:03:07.0262 5908 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 14:03:07.0294 5908 PNRPAutoReg - ok 14:03:07.0325 5908 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 14:03:07.0356 5908 PNRPsvc - ok 14:03:07.0403 5908 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 14:03:07.0465 5908 PolicyAgent - ok 14:03:07.0512 5908 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 14:03:07.0590 5908 Power - ok 14:03:07.0730 5908 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 14:03:07.0808 5908 PptpMiniport - ok 14:03:07.0840 5908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 14:03:07.0871 5908 Processor - ok 14:03:07.0918 5908 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll 14:03:07.0964 5908 ProfSvc - ok 14:03:07.0996 5908 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 14:03:08.0011 5908 ProtectedStorage - ok 14:03:08.0058 5908 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 14:03:08.0152 5908 Psched - ok 14:03:08.0198 5908 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys 14:03:08.0230 5908 QIOMem - ok 14:03:08.0308 5908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 14:03:08.0370 5908 ql2300 - ok 14:03:08.0776 5908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 14:03:08.0807 5908 ql40xx - ok 14:03:08.0854 5908 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 14:03:08.0900 5908 QWAVE - ok 14:03:08.0900 5908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 14:03:08.0947 5908 QWAVEdrv - 
ok 14:03:08.0947 5908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 14:03:09.0010 5908 RasAcd - ok 14:03:09.0041 5908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 14:03:09.0103 5908 RasAgileVpn - ok 14:03:09.0134 5908 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 14:03:09.0212 5908 RasAuto - ok 14:03:09.0244 5908 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 14:03:09.0290 5908 Rasl2tp - ok 14:03:09.0306 5908 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 14:03:09.0337 5908 RasMan - ok 14:03:09.0368 5908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 14:03:09.0415 5908 RasPppoe - ok 14:03:09.0446 5908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 14:03:09.0509 5908 RasSstp - ok 14:03:09.0540 5908 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 14:03:09.0618 5908 rdbss - ok 14:03:09.0634 5908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 14:03:09.0649 5908 rdpbus - ok 14:03:09.0680 5908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 14:03:09.0727 5908 RDPCDD - ok 14:03:09.0727 5908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 14:03:09.0774 5908 RDPENCDD - ok 14:03:09.0790 5908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 14:03:09.0821 5908 RDPREFMP - ok 14:03:09.0836 5908 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 14:03:09.0883 5908 RDPWD - ok 14:03:09.0930 5908 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 14:03:09.0946 5908 rdyboost - ok 14:03:09.0961 5908 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 14:03:10.0024 5908 RemoteAccess - ok 
14:03:10.0070 5908 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 14:03:10.0133 5908 RemoteRegistry - ok 14:03:10.0164 5908 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 14:03:10.0195 5908 RpcEptMapper - ok 14:03:10.0226 5908 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 14:03:10.0226 5908 RpcLocator - ok 14:03:10.0258 5908 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 14:03:10.0304 5908 RpcSs - ok 14:03:10.0336 5908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 14:03:10.0414 5908 rspndr - ok 14:03:10.0492 5908 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys 14:03:10.0523 5908 RSUSBSTOR - ok 14:03:10.0538 5908 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys 14:03:10.0554 5908 RSUSBVSTOR - ok 14:03:10.0585 5908 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 14:03:10.0616 5908 SamSs - ok 14:03:10.0648 5908 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 14:03:10.0679 5908 sbp2port - ok 14:03:10.0726 5908 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 14:03:10.0804 5908 SCardSvr - ok 14:03:10.0804 5908 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 14:03:10.0866 5908 scfilter - ok 14:03:10.0913 5908 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 14:03:10.0975 5908 Schedule - ok 14:03:11.0006 5908 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 14:03:11.0084 5908 SCPolicySvc - ok 14:03:11.0116 5908 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 14:03:11.0178 5908 SDRSVC - ok 14:03:11.0303 5908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 14:03:11.0381 5908 secdrv - ok 14:03:11.0428 5908 
seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 14:03:11.0474 5908 seclogon - ok 14:03:11.0474 5908 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 14:03:11.0521 5908 SENS - ok 14:03:11.0552 5908 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 14:03:11.0584 5908 SensrSvc - ok 14:03:11.0630 5908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 14:03:11.0662 5908 Serenum - ok 14:03:11.0677 5908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 14:03:11.0708 5908 Serial - ok 14:03:11.0724 5908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 14:03:11.0755 5908 sermouse - ok 14:03:11.0802 5908 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 14:03:11.0896 5908 SessionEnv - ok 14:03:11.0896 5908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 14:03:11.0911 5908 sffdisk - ok 14:03:11.0942 5908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 14:03:11.0974 5908 sffp_mmc - ok 14:03:11.0974 5908 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 14:03:12.0020 5908 sffp_sd - ok 14:03:12.0020 5908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 14:03:12.0052 5908 sfloppy - ok 14:03:12.0098 5908 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 14:03:12.0161 5908 SharedAccess - ok 14:03:12.0208 5908 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 14:03:12.0301 5908 ShellHWDetection - ok 14:03:12.0332 5908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 14:03:12.0332 5908 SiSRaid2 - ok 14:03:12.0364 5908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 14:03:12.0379 5908 SiSRaid4 - ok 14:03:12.0395 
5908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 14:03:12.0488 5908 Smb - ok 14:03:12.0535 5908 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 14:03:12.0566 5908 SNMPTRAP - ok 14:03:12.0566 5908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 14:03:12.0598 5908 spldr - ok 14:03:12.0629 5908 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 14:03:12.0691 5908 Spooler - ok 14:03:12.0847 5908 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 14:03:12.0956 5908 sppsvc - ok 14:03:13.0237 5908 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 14:03:13.0315 5908 sppuinotify - ok 14:03:13.0456 5908 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 14:03:13.0534 5908 srv - ok 14:03:13.0565 5908 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 14:03:13.0596 5908 srv2 - ok 14:03:13.0643 5908 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS 14:03:13.0674 5908 SrvHsfHDA - ok 14:03:13.0768 5908 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS 14:03:13.0846 5908 SrvHsfV92 - ok 14:03:14.0267 5908 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS 14:03:14.0314 5908 SrvHsfWinac - ok 14:03:14.0345 5908 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 14:03:14.0376 5908 srvnet - ok 14:03:14.0407 5908 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 14:03:14.0501 5908 SSDPSRV - ok 14:03:14.0516 5908 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 14:03:14.0563 5908 SstpSvc - ok 14:03:14.0594 5908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 14:03:14.0610 5908 stexstor - ok 14:03:14.0657 5908 stisvc (8dd52e8e6128f4b2da92ce27402871c1) 
C:\windows\System32\wiaservc.dll 14:03:14.0719 5908 stisvc - ok 14:03:14.0719 5908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 14:03:14.0735 5908 swenum - ok 14:03:14.0797 5908 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 14:03:14.0860 5908 swprv - ok 14:03:14.0969 5908 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys 14:03:15.0016 5908 SynTP - ok 14:03:15.0421 5908 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 14:03:15.0484 5908 SysMain - ok 14:03:15.0764 5908 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 14:03:15.0827 5908 TabletInputService - ok 14:03:15.0858 5908 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 14:03:15.0889 5908 TapiSrv - ok 14:03:15.0905 5908 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 14:03:15.0936 5908 TBS - ok 14:03:16.0154 5908 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys 14:03:16.0232 5908 Tcpip - ok 14:03:16.0716 5908 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys 14:03:16.0763 5908 TCPIP6 - ok 14:03:17.0153 5908 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 14:03:17.0231 5908 tcpipreg - ok 14:03:17.0278 5908 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 14:03:17.0293 5908 tdcmdpst - ok 14:03:17.0309 5908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 14:03:17.0340 5908 TDPIPE - ok 14:03:17.0371 5908 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 14:03:17.0418 5908 TDTCP - ok 14:03:17.0434 5908 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 14:03:17.0496 5908 tdx - ok 14:03:17.0527 5908 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 14:03:17.0543 5908 TermDD - 
ok 14:03:17.0574 5908 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 14:03:17.0636 5908 TermService - ok 14:03:17.0652 5908 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 14:03:17.0668 5908 Themes - ok 14:03:17.0699 5908 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 14:03:17.0761 5908 THREADORDER - ok 14:03:17.0839 5908 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 14:03:17.0870 5908 TMachInfo - ok 14:03:17.0917 5908 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe 14:03:17.0948 5908 TODDSrv - ok 14:03:18.0042 5908 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 14:03:18.0089 5908 TosCoSrv - ok 14:03:18.0214 5908 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 14:03:18.0245 5908 TOSHIBA Bluetooth Service - ok 14:03:18.0307 5908 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe 14:03:18.0338 5908 TOSHIBA eco Utility Service - ok 14:03:18.0432 5908 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 14:03:18.0448 5908 TOSHIBA HDD SSD Alert Service - ok 14:03:18.0838 5908 tosrfbd (09cf82c0068c7cff7e2b3797be7f5cc2) C:\windows\system32\DRIVERS\tosrfbd.sys 14:03:18.0869 5908 tosrfbd - ok 14:03:18.0884 5908 Tosrfcom - ok 14:03:18.0916 5908 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys 14:03:18.0931 5908 tosrfec - ok 14:03:18.0978 5908 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys 14:03:18.0994 5908 Tosrfusb - ok 14:03:19.0056 5908 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys 14:03:19.0087 5908 tos_sps64 - ok 
14:03:19.0181 5908 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 14:03:19.0243 5908 TPCHSrv - ok 14:03:19.0540 5908 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 14:03:19.0633 5908 TrkWks - ok 14:03:19.0696 5908 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 14:03:19.0774 5908 TrustedInstaller - ok 14:03:19.0867 5908 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 14:03:19.0961 5908 tssecsrv - ok 14:03:19.0992 5908 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 14:03:20.0008 5908 TsUsbFlt - ok 14:03:20.0008 5908 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 14:03:20.0039 5908 TsUsbGD - ok 14:03:20.0086 5908 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 14:03:20.0179 5908 tunnel - ok 14:03:20.0226 5908 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 14:03:20.0242 5908 TVALZ - ok 14:03:20.0273 5908 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys 14:03:20.0288 5908 TVALZFL - ok 14:03:20.0335 5908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 14:03:20.0366 5908 uagp35 - ok 14:03:20.0398 5908 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 14:03:20.0476 5908 udfs - ok 14:03:20.0522 5908 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 14:03:20.0538 5908 UI0Detect - ok 14:03:20.0554 5908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 14:03:20.0569 5908 uliagpkx - ok 14:03:20.0585 5908 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 14:03:20.0600 5908 umbus - ok 14:03:20.0632 5908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 14:03:20.0663 5908 UmPass - ok 
14:03:29.0664 5908 Scan finished
14:03:29.0695 0304 Detected object count: 1
14:03:29.0695 0304 Actual detected object count: 1
14:04:09.0257 0304 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
14:04:09.0257 0304 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
-
Hi Maurice, You are a genius! The Unhide program worked perfectly! Here is the text:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link: http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 06/27/2012 01:39:47 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 137697 files processed.

Restoring the Start Menu.
* 182 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/27/2012 01:42:30 PM
Execution time: 0 hours(s), 2 minute(s), and 43 seconds(s)

Will begin the next steps now and post them for you. Don't know where you are, but we live in Hawaii and are probably a good few hours earlier than you are.

Aloha, Joyce
-
Hi Maurice, thanks very much for replying. I am not terribly savvy on all this, so in layspeak here is what happened.

I was online when an AVG pop up window appeared. It said that there was a severe malware threat. As they recommended I put it in a vault. They identified it as: IDP.GenericN.5D5293F3

Seconds after I did this, another window popped up that I could not close and kept replicating. I shouted and my husband came over and installed your product. We ran a full scan and it detected 6 bad things. There were:

4 Trojan.Fake Alerts
1 Rogue.FakeHDD
2 PUM.Hijack.StartMenu

all dated yesterday at 3:17 am

We followed the instructions for them to be quarantined. When I restarted my computer the pop up start menu was empty, and when I click on 'All Programs' they show up, but all of the folders there are empty (for example it lists Microsoft Office, but when I click on it, it just says 'empty'). I can find everything when I go to My Computer, but can't get them back to the start menu.

So I guess I am asking if they are really all gone, if my computer is clean, and if you might know how to get my start menu back. I have not yet done all the steps you suggested, wanted to tell you all of this before I did.

Thanks again, Joyce

MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joyce :: JOYCE-PC [administrator]

6/24/2012 5:17:39 PM
mbam-log-2012-06-24 (17-17-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314539
Time elapsed: 26 minute(s), 23 second(s)

Memory Processes Detected: 2
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> 5228 -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> 6580 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\jdhNjPXkrCGrLYP.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joyce\AppData\Local\Temp\ad8EIFpytux2sY.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Joyce\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)
-
Hi, I had a malware on my computer and have followed the instructions to send these two logs (attach.txt and dds.txt) to you. Can you please look at them and see if I am OK. Thanks very much, Joyce