
Help with Removal Attach and DDS logs attached



Hi, I had a malware on my computer and have followed the instructions to send these two logs (attach.txt and dds.txt) to you. Can you please look at them and see if I am OK.

Thanks very much,

Joyce

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Joyce at 8:06:28 on 2012-06-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4624 [GMT -10:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://start.toshiba.com

uInternet Settings,ProxyOverride = <local>;*.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

TCP: Interfaces\{2B772149-B9A1-4327-8159-3F3E9E61D3DA} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

TCP: Interfaces\{D6D64AE0-9887-44F5-819C-D89219763887} : DhcpNameServer = 50.50.0.50

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-4-10 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-4-10 126392]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-10 2656280]

R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-4-10 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]

S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-25 03:15:22 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Malwarebytes

2012-06-25 03:15:15 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-06-25 03:15:15 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-25 03:15:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-24 16:32:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-24 16:32:17 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-24 16:32:00 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-24 16:32:00 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-18 04:13:34 -------- d--h--w- C:\Users\Joyce\AppData\Local\Diagnostics

2012-06-12 21:38:41 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-06-08 05:31:31 -------- d--h--w- C:\ProgramData\Book Place

2012-06-08 05:26:21 -------- d--h--w- C:\Users\Joyce\AppData\Local\Kjs.AppLife.Update

2012-06-08 05:18:11 -------- d--h--w- C:\Users\Joyce\AppData\Roaming\Book Place

.

==================== Find3M ====================

.

2012-06-23 18:02:07 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 18:02:07 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-04-19 14:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys

2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll

2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

.

============= FINISH: 8:07:07.47 ===============

Attach.txt

Edited by Maurice Naggar
Logs In-line

Hello Joyce and welcome to MalwareBytes forums.

Would you share with me why you suspect something is amiss?

Please Copy and Paste logs into main-body of reply. Use NOTEPAD to open the logs and Copy all. Then paste.

Do not attach.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hi Maurice, thanks very much for replying.

I am not terribly savvy on all this, so in layspeak here is what happened. I was online when an AVG pop up window appeared. It said that there was a severe malware threat. As they recommended I put it in a vault. They identified it as: IDP.GenericN.5D5293F3

Seconds after I did this, another window popped up that I could not close and kept replicating. I shouted :) and my husband came over and installed your product. We ran a full scan and it detected 6 bad things.

There were:

4 Trojan.Fake Alerts

1 Rogue.FakeHDD

2 PUM.Hijack.StartMenu

all dated yesterday at 3:17 am

We followed the instructions for them to be quarantined.

When I restarted my computer the pop up start menu was empty, and when I click on 'All Programs' they show up, but all of the folders there are empty (for example it lists Microsoft Office, but when I click on it, it just says 'empty').

I can find everything when I go to My Computer, but can't get them back to the start menu.

So I guess I am asking if they are really all gone, if my computer is clean, and if you might know how to get my start menu back.

I have not yet done all the steps you suggested, wanted to tell you all of this before I did.

Thanks again,

Joyce

MBAM log

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.25.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Joyce :: JOYCE-PC [administrator]

6/24/2012 5:17:39 PM

mbam-log-2012-06-24 (17-17-39).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 314539

Time elapsed: 26 minute(s), 23 second(s)

Memory Processes Detected: 2

C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> 5228 -> Delete on reboot.

C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> 6580 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\jdhNjPXkrCGrLYP.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\Users\Joyce\AppData\Local\Temp\ad8EIFpytux2sY.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Joyce\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)
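A way to read the MBAM log above mechanically, as an added example (not part of the original post and not Malwarebytes' own code): it parses the text-log layout shown in the post and lists objects still waiting for "Delete on reboot", Run-key autostarts, and detected processes that no autostart entry in the log accounts for. The layout is inferred from this one posted log, and all function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the MBAM log posted above (banner lines before the first section left out).
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> 5228 -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> 6580 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\jdhNjPXkrCGrLYP.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\0UsElvON0Pc1Bc.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Joyce\AppData\Local\Temp\ad8EIFpytux2sY.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Joyce\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Quarantined and deleted successfully.
(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> [detail -> ...] <action>"; the object may itself
# contain parentheses (e.g. "Program Files (x86)"), hence the non-greedy match.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z0-9_.]+)\) -> (?P<rest>.+)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)


@dataclass
class Detection:
    section: str   # e.g. "Files", "Registry Values"
    obj: str       # file path or "key|value"
    name: str      # e.g. "Trojan.FakeAlert"
    details: list  # PID, "Data: ...", "Bad: (0) Good: (1)"
    action: str    # what the scanner did with it


def parse_mbam_log(text):
    """Return (detections, declared_counts) for a log in the layout above."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line)
        if m and section:
            *details, action = m["rest"].split(" -> ")
            detections.append(
                Detection(section, m["obj"], m["name"], details, action.rstrip(".")))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the lines parsed (truncated paste)."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


def pending_reboot(detections):
    """Objects that are only removed at the next boot; cleanup is incomplete until then."""
    return sorted({d.obj for d in detections
                   if d.action.lower().startswith("delete on reboot")})


def autostart_entries(detections):
    """(key, value name, target) for detected values under a Run/RunOnce key."""
    out = []
    for d in detections:
        if d.section != "Registry Values" or "|" not in d.obj:
            continue
        key, value = d.obj.rsplit("|", 1)
        if RUN_KEY_RE.search(key):
            target = next((x[6:] for x in d.details if x.startswith("Data: ")), "")
            out.append((key, value, target))
    return out


def unexplained_processes(detections):
    """Detected running executables that no detected autostart entry points at.
    A lead for follow-up only: the launch point may simply not be in this log."""
    targets = {t.lower() for _, _, t in autostart_entries(detections)}
    return sorted({d.obj for d in detections
                   if d.section == "Memory Processes" and d.obj.lower() not in targets})


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(dets, declared))
    print("pending reboot:  ", pending_reboot(dets))
    print("autostarts:      ", autostart_entries(dets))
    print("no launch point: ", unexplained_processes(dets))
```
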


Joyce,

OK. You described the sequence well. Details are always appreciated. The malware "hid" some of your program links, etc.

We'll get those back. I suggest you run Unhide and follow its prompts as it runs. And get its log Unhide.txt when it is all done.

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Reply back with copy of Unhide.txt

Next, go back to my previous reply: Need for you to run aswMBR

TDSSKILLER

GMER

OTL

SecurityCheck

Do as much as possible of those, and copy and paste the logs


Hi Maurice,

You are a genius! The Unhide program worked perfectly! Here is the text:

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 06/27/2012 01:39:47 PM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 137697 files processed.

Restoring the Start Menu.

* 182 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

* NoActiveDesktopChanges policy was found and deleted!

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

* Start_ShowControlPanel was set to 0! It was set back to 1!

* Start_ShowHelp was set to 0! It was set back to 1!

* Start_ShowMyDocs was set to 0! It was set back to 1!

* Start_ShowMyMusic was set to 0! It was set back to 1!

* Start_ShowMyPics was set to 0! It was set back to 1!

* Start_ShowPrinters was set to 0! It was set back to 1!

* Start_ShowRun was set to 0! It was set back to 1!

* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

* Start_ShowRecentDocs was set to 0! It was set back to 2!

* Start_ShowNetConn was set to 0! It was set back to 1!

* Start_ShowNetPlaces was set to 0! It was set back to 1!

* Start_TrackDocs was set to 0! It was set back to 1!

* Start_TrackProgs was set to 0! It was set back to 1!

* Start_ShowUser was set to 0! It was set back to 1!

* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/27/2012 01:42:30 PM

Execution time: 0 hours(s), 2 minute(s), and 43 seconds(s)

Will begin the next steps now and post them for you. Don't know where you are, but we live in Hawaii and are probably a good few hours earlier than you are.

Aloha,

Joyce


Maurice! Here is the report from TDSSKILLER. The first screen that appeared after the scan showed one threat found. I wasn't sure what to do with it, so I put it in quarantine.

14:01:50.0415 0984 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

14:01:51.0023 0984 ============================================================

14:01:51.0023 0984 Current date / time: 2012/06/27 14:01:51.0023

14:01:51.0023 0984 SystemInfo:

14:01:51.0023 0984

14:01:51.0023 0984 OS Version: 6.1.7601 ServicePack: 1.0

14:01:51.0023 0984 Product type: Workstation

14:01:51.0023 0984 ComputerName: JOYCE-PC

14:01:51.0023 0984 UserName: Joyce

14:01:51.0023 0984 Windows directory: C:\windows

14:01:51.0023 0984 System windows directory: C:\windows

14:01:51.0023 0984 Running under WOW64

14:01:51.0023 0984 Processor architecture: Intel x64

14:01:51.0023 0984 Number of processors: 4

14:01:51.0023 0984 Page size: 0x1000

14:01:51.0023 0984 Boot type: Normal boot

14:01:51.0023 0984 ============================================================

14:01:51.0460 0984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:01:51.0476 0984 ============================================================

14:01:51.0476 0984 \Device\Harddisk0\DR0:

14:01:51.0476 0984 MBR partitions:

14:01:51.0476 0984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3833E800

14:01:51.0476 0984 ============================================================

14:01:51.0507 0984 C: <-> \Device\Harddisk0\DR0\Partition0

14:01:51.0507 0984 ============================================================

14:01:51.0507 0984 Initialize success

14:01:51.0507 0984 ============================================================

14:02:39.0259 5908 ============================================================

14:02:39.0259 5908 Scan started

14:02:39.0259 5908 Mode: Manual; SigCheck; TDLFS;

14:02:39.0259 5908 ============================================================

14:02:40.0055 5908 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

14:02:40.0180 5908 1394ohci - ok

14:02:40.0258 5908 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

14:02:40.0273 5908 ACPI - ok

14:02:40.0305 5908 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

14:02:40.0398 5908 AcpiPmi - ok

14:02:40.0492 5908 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

14:02:40.0523 5908 AdobeARMservice - ok

14:02:40.0819 5908 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:02:40.0851 5908 AdobeFlashPlayerUpdateSvc - ok

14:02:40.0929 5908 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

14:02:40.0975 5908 adp94xx - ok

14:02:41.0022 5908 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

14:02:41.0053 5908 adpahci - ok

14:02:41.0069 5908 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

14:02:41.0100 5908 adpu320 - ok

14:02:41.0147 5908 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

14:02:41.0303 5908 AeLookupSvc - ok

14:02:41.0381 5908 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

14:02:41.0459 5908 AFD - ok

14:02:41.0506 5908 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

14:02:41.0521 5908 agp440 - ok

14:02:41.0568 5908 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

14:02:41.0615 5908 ALG - ok

14:02:41.0646 5908 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

14:02:41.0677 5908 aliide - ok

14:02:41.0693 5908 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

14:02:41.0724 5908 amdide - ok

14:02:41.0740 5908 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

14:02:41.0787 5908 AmdK8 - ok

14:02:41.0802 5908 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

14:02:41.0833 5908 AmdPPM - ok

14:02:41.0865 5908 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

14:02:41.0896 5908 amdsata - ok

14:02:41.0911 5908 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

14:02:41.0943 5908 amdsbs - ok

14:02:41.0958 5908 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

14:02:41.0974 5908 amdxata - ok

14:02:42.0005 5908 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

14:02:42.0099 5908 AppID - ok

14:02:42.0130 5908 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

14:02:42.0208 5908 AppIDSvc - ok

14:02:42.0223 5908 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

14:02:42.0255 5908 Appinfo - ok

14:02:42.0442 5908 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:02:42.0457 5908 Apple Mobile Device - ok

14:02:42.0489 5908 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

14:02:42.0520 5908 arc - ok

14:02:42.0551 5908 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

14:02:42.0567 5908 arcsas - ok

14:02:42.0832 5908 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

14:02:42.0863 5908 aspnet_state - ok

14:02:42.0879 5908 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

14:02:42.0957 5908 AsyncMac - ok

14:02:42.0988 5908 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

14:02:43.0019 5908 atapi - ok

14:02:43.0206 5908 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys

14:02:43.0315 5908 athr - ok

14:02:43.0659 5908 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

14:02:43.0768 5908 AudioEndpointBuilder - ok

14:02:43.0783 5908 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

14:02:43.0861 5908 AudioSrv - ok

14:02:44.0236 5908 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

14:02:44.0376 5908 AVGIDSAgent - ok

14:02:44.0766 5908 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys

14:02:44.0797 5908 AVGIDSDriver - ok

14:02:44.0829 5908 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys

14:02:44.0844 5908 AVGIDSFilter - ok

14:02:44.0875 5908 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys

14:02:44.0907 5908 AVGIDSHA - ok

14:02:44.0953 5908 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys

14:02:44.0985 5908 Avgldx64 - ok

14:02:45.0000 5908 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys

14:02:45.0016 5908 Avgmfx64 - ok

14:02:45.0031 5908 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys

14:02:45.0063 5908 Avgrkx64 - ok

14:02:45.0109 5908 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys

14:02:45.0141 5908 Avgtdia - ok

14:02:45.0312 5908 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

14:02:45.0343 5908 avgwd - ok

14:02:45.0390 5908 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

14:02:45.0453 5908 AxInstSV - ok

14:02:45.0515 5908 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

14:02:45.0577 5908 b06bdrv - ok

14:02:45.0609 5908 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

14:02:45.0671 5908 b57nd60a - ok

14:02:45.0718 5908 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

14:02:45.0765 5908 BDESVC - ok

14:02:45.0811 5908 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

14:02:45.0889 5908 Beep - ok

14:02:45.0952 5908 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

14:02:46.0061 5908 BFE - ok

14:02:46.0139 5908 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

14:02:46.0248 5908 BITS - ok

14:02:46.0404 5908 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

14:02:46.0435 5908 blbdrive - ok

14:02:46.0529 5908 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

14:02:46.0576 5908 Bonjour Service - ok

14:02:46.0607 5908 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

14:02:46.0669 5908 bowser - ok

14:02:46.0716 5908 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

14:02:46.0747 5908 BrFiltLo - ok

14:02:46.0763 5908 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

14:02:46.0810 5908 BrFiltUp - ok

14:02:46.0857 5908 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

14:02:46.0935 5908 Browser - ok

14:02:46.0966 5908 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

14:02:47.0013 5908 Brserid - ok

14:02:47.0013 5908 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

14:02:47.0044 5908 BrSerWdm - ok

14:02:47.0059 5908 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

14:02:47.0091 5908 BrUsbMdm - ok

14:02:47.0122 5908 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

14:02:47.0153 5908 BrUsbSer - ok

14:02:47.0215 5908 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys

14:02:47.0247 5908 BtFilter - ok

14:02:47.0262 5908 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

14:02:47.0309 5908 BTHMODEM - ok

14:02:47.0371 5908 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

14:02:47.0449 5908 bthserv - ok

14:02:47.0496 5908 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

14:02:47.0574 5908 cdfs - ok

14:02:47.0605 5908 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

14:02:47.0637 5908 cdrom - ok

14:02:47.0683 5908 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

14:02:47.0777 5908 CertPropSvc - ok

14:02:47.0808 5908 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

14:02:47.0839 5908 circlass - ok

14:02:47.0902 5908 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

14:02:47.0933 5908 CLFS - ok

14:02:48.0089 5908 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:02:48.0136 5908 clr_optimization_v2.0.50727_32 - ok

14:02:48.0261 5908 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:02:48.0276 5908 clr_optimization_v2.0.50727_64 - ok

14:02:48.0463 5908 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:02:48.0479 5908 clr_optimization_v4.0.30319_32 - ok

14:02:48.0682 5908 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:02:48.0697 5908 clr_optimization_v4.0.30319_64 - ok

14:02:48.0744 5908 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

14:02:48.0775 5908 CmBatt - ok

14:02:48.0791 5908 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

14:02:48.0807 5908 cmdide - ok

14:02:48.0885 5908 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

14:02:48.0931 5908 CNG - ok

14:02:49.0041 5908 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys

14:02:49.0087 5908 CnxtHdAudService - ok

14:02:49.0493 5908 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

14:02:49.0524 5908 Compbatt - ok

14:02:49.0540 5908 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

14:02:49.0587 5908 CompositeBus - ok

14:02:49.0602 5908 COMSysApp - ok

14:02:49.0618 5908 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

14:02:49.0633 5908 crcdisk - ok

14:02:49.0680 5908 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

14:02:49.0743 5908 CryptSvc - ok

14:02:49.0805 5908 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

14:02:49.0899 5908 DcomLaunch - ok

14:02:49.0961 5908 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

14:02:50.0039 5908 defragsvc - ok

14:02:50.0086 5908 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

14:02:50.0117 5908 DfsC - ok

14:02:50.0164 5908 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

14:02:50.0242 5908 Dhcp - ok

14:02:50.0242 5908 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

14:02:50.0289 5908 discache - ok

14:02:50.0320 5908 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

14:02:50.0351 5908 Disk - ok

14:02:50.0367 5908 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

14:02:50.0445 5908 Dnscache - ok

14:02:50.0491 5908 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

14:02:50.0569 5908 dot3svc - ok

14:02:50.0585 5908 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

14:02:50.0647 5908 DPS - ok

14:02:50.0694 5908 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

14:02:50.0725 5908 drmkaud - ok

14:02:50.0788 5908 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

14:02:50.0835 5908 DXGKrnl - ok

14:02:50.0866 5908 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

14:02:50.0928 5908 EapHost - ok

14:02:51.0069 5908 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

14:02:51.0162 5908 ebdrv - ok

14:02:51.0459 5908 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

14:02:51.0474 5908 EFS - ok

14:02:51.0615 5908 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

14:02:51.0677 5908 ehRecvr - ok

14:02:51.0708 5908 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

14:02:51.0739 5908 ehSched - ok

14:02:51.0911 5908 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

14:02:51.0942 5908 elxstor - ok

14:02:51.0958 5908 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

14:02:51.0989 5908 ErrDev - ok

14:02:52.0036 5908 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

14:02:52.0145 5908 EventSystem - ok

14:02:52.0176 5908 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

14:02:52.0254 5908 exfat - ok

14:02:52.0270 5908 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

14:02:52.0332 5908 fastfat - ok

14:02:52.0395 5908 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

14:02:52.0473 5908 Fax - ok

14:02:52.0519 5908 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

14:02:52.0551 5908 fdc - ok

14:02:52.0582 5908 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

14:02:52.0660 5908 fdPHost - ok

14:02:52.0660 5908 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

14:02:52.0707 5908 FDResPub - ok

14:02:52.0722 5908 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

14:02:52.0738 5908 FileInfo - ok

14:02:52.0753 5908 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

14:02:52.0800 5908 Filetrace - ok

14:02:52.0816 5908 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

14:02:52.0831 5908 flpydisk - ok

14:02:52.0847 5908 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

14:02:52.0863 5908 FltMgr - ok

14:02:52.0941 5908 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

14:02:53.0003 5908 FontCache - ok

14:02:53.0097 5908 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:02:53.0128 5908 FontCache3.0.0.0 - ok

14:02:53.0253 5908 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

14:02:53.0284 5908 FsDepends - ok

14:02:53.0315 5908 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

14:02:53.0346 5908 Fs_Rec - ok

14:02:53.0362 5908 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

14:02:53.0393 5908 fvevol - ok

14:02:53.0424 5908 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

14:02:53.0455 5908 gagp30kx - ok

14:02:53.0565 5908 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

14:02:53.0596 5908 GamesAppService - ok

14:02:53.0643 5908 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

14:02:53.0658 5908 GEARAspiWDM - ok

14:02:53.0736 5908 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

14:02:53.0814 5908 gpsvc - ok

14:02:53.0908 5908 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:02:53.0923 5908 gupdate - ok

14:02:53.0923 5908 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:02:53.0939 5908 gupdatem - ok

14:02:53.0986 5908 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

14:02:54.0017 5908 gusvc - ok

14:02:54.0064 5908 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

14:02:54.0111 5908 hcw85cir - ok

14:02:54.0142 5908 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

14:02:54.0189 5908 HdAudAddService - ok

14:02:54.0204 5908 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

14:02:54.0235 5908 HDAudBus - ok

14:02:54.0251 5908 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

14:02:54.0282 5908 HidBatt - ok

14:02:54.0298 5908 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

14:02:54.0329 5908 HidBth - ok

14:02:54.0360 5908 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

14:02:54.0391 5908 HidIr - ok

14:02:54.0407 5908 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

14:02:54.0501 5908 hidserv - ok

14:02:54.0547 5908 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

14:02:54.0579 5908 HidUsb - ok

14:02:54.0610 5908 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

14:02:54.0719 5908 hkmsvc - ok

14:02:54.0735 5908 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

14:02:54.0781 5908 HomeGroupListener - ok

14:02:54.0828 5908 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

14:02:54.0859 5908 HomeGroupProvider - ok

14:02:54.0906 5908 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

14:02:54.0937 5908 HpSAMD - ok

14:02:55.0015 5908 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

14:02:55.0125 5908 HTTP - ok

14:02:55.0125 5908 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

14:02:55.0140 5908 hwpolicy - ok

14:02:55.0156 5908 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

14:02:55.0171 5908 i8042prt - ok

14:02:55.0234 5908 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\windows\system32\DRIVERS\iaStor.sys

14:02:55.0265 5908 iaStor - ok

14:02:55.0327 5908 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

14:02:55.0374 5908 iaStorV - ok

14:02:55.0452 5908 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

14:02:55.0483 5908 IDriverT ( UnsignedFile.Multi.Generic ) - warning

14:02:55.0483 5908 IDriverT - detected UnsignedFile.Multi.Generic (1)

14:02:55.0639 5908 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:02:55.0686 5908 idsvc - ok

14:02:56.0404 5908 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys

14:02:56.0841 5908 igfx - ok

14:02:57.0215 5908 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

14:02:57.0246 5908 iirsp - ok

14:02:57.0309 5908 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

14:02:57.0418 5908 IKEEXT - ok

14:02:57.0465 5908 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

14:02:57.0511 5908 IntcDAud - ok

14:02:57.0558 5908 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

14:02:57.0574 5908 intelide - ok

14:02:57.0589 5908 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

14:02:57.0636 5908 intelppm - ok

14:02:57.0667 5908 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

14:02:57.0745 5908 IPBusEnum - ok

14:02:57.0777 5908 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

14:02:57.0823 5908 IpFilterDriver - ok

14:02:57.0855 5908 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

14:02:57.0964 5908 iphlpsvc - ok

14:02:57.0979 5908 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

14:02:58.0011 5908 IPMIDRV - ok

14:02:58.0026 5908 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

14:02:58.0057 5908 IPNAT - ok

14:02:58.0151 5908 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

14:02:58.0182 5908 iPod Service - ok

14:02:58.0213 5908 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

14:02:58.0245 5908 IRENUM - ok

14:02:58.0260 5908 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

14:02:58.0276 5908 isapnp - ok

14:02:58.0291 5908 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

14:02:58.0307 5908 iScsiPrt - ok

14:02:58.0323 5908 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

14:02:58.0338 5908 kbdclass - ok

14:02:58.0354 5908 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

14:02:58.0369 5908 kbdhid - ok

14:02:58.0416 5908 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:02:58.0432 5908 KeyIso - ok

14:02:58.0447 5908 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

14:02:58.0463 5908 KSecDD - ok

14:02:58.0479 5908 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

14:02:58.0510 5908 KSecPkg - ok

14:02:58.0541 5908 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

14:02:58.0603 5908 ksthunk - ok

14:02:58.0650 5908 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

14:02:58.0728 5908 KtmRm - ok

14:02:58.0775 5908 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys

14:02:58.0775 5908 L1C - ok

14:02:58.0822 5908 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

14:02:58.0915 5908 LanmanServer - ok

14:02:58.0962 5908 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

14:02:59.0087 5908 LanmanWorkstation - ok

14:02:59.0134 5908 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

14:02:59.0212 5908 lltdio - ok

14:02:59.0243 5908 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

14:02:59.0352 5908 lltdsvc - ok

14:02:59.0368 5908 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

14:02:59.0415 5908 lmhosts - ok

14:02:59.0539 5908 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

14:02:59.0571 5908 LMS - ok

14:02:59.0633 5908 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

14:02:59.0664 5908 LSI_FC - ok

14:02:59.0680 5908 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

14:02:59.0695 5908 LSI_SAS - ok

14:02:59.0695 5908 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

14:02:59.0711 5908 LSI_SAS2 - ok

14:02:59.0727 5908 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

14:02:59.0742 5908 LSI_SCSI - ok

14:02:59.0773 5908 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

14:02:59.0836 5908 luafv - ok

14:02:59.0867 5908 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

14:02:59.0883 5908 Mcx2Svc - ok

14:02:59.0898 5908 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

14:02:59.0914 5908 megasas - ok

14:02:59.0945 5908 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

14:02:59.0961 5908 MegaSR - ok

14:03:00.0007 5908 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

14:03:00.0023 5908 MEIx64 - ok

14:03:00.0070 5908 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:03:00.0148 5908 MMCSS - ok

14:03:00.0179 5908 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

14:03:00.0257 5908 Modem - ok

14:03:00.0273 5908 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

14:03:00.0304 5908 monitor - ok

14:03:00.0319 5908 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

14:03:00.0335 5908 mouclass - ok

14:03:00.0351 5908 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys

14:03:00.0382 5908 mouhid - ok

14:03:00.0429 5908 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

14:03:00.0460 5908 mountmgr - ok

14:03:00.0475 5908 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

14:03:00.0491 5908 mpio - ok

14:03:00.0507 5908 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

14:03:00.0553 5908 mpsdrv - ok

14:03:00.0616 5908 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

14:03:00.0694 5908 MpsSvc - ok

14:03:00.0709 5908 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

14:03:00.0725 5908 MRxDAV - ok

14:03:00.0741 5908 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

14:03:00.0772 5908 mrxsmb - ok

14:03:00.0819 5908 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

14:03:00.0834 5908 mrxsmb10 - ok

14:03:00.0834 5908 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

14:03:00.0850 5908 mrxsmb20 - ok

14:03:00.0850 5908 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

14:03:00.0865 5908 msahci - ok

14:03:00.0865 5908 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

14:03:00.0881 5908 msdsm - ok

14:03:00.0912 5908 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

14:03:00.0928 5908 MSDTC - ok

14:03:00.0943 5908 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

14:03:00.0975 5908 Msfs - ok

14:03:00.0990 5908 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

14:03:01.0037 5908 mshidkmdf - ok

14:03:01.0037 5908 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

14:03:01.0037 5908 msisadrv - ok

14:03:01.0084 5908 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

14:03:01.0146 5908 MSiSCSI - ok

14:03:01.0146 5908 msiserver - ok

14:03:01.0193 5908 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

14:03:01.0271 5908 MSKSSRV - ok

14:03:01.0271 5908 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

14:03:01.0333 5908 MSPCLOCK - ok

14:03:01.0333 5908 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

14:03:01.0380 5908 MSPQM - ok

14:03:01.0411 5908 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

14:03:01.0458 5908 MsRPC - ok

14:03:01.0474 5908 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

14:03:01.0489 5908 mssmbios - ok

14:03:01.0521 5908 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

14:03:01.0599 5908 MSTEE - ok

14:03:01.0599 5908 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

14:03:01.0614 5908 MTConfig - ok

14:03:01.0614 5908 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

14:03:01.0630 5908 Mup - ok

14:03:01.0693 5908 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

14:03:01.0802 5908 napagent - ok

14:03:01.0880 5908 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

14:03:01.0912 5908 NativeWifiP - ok

14:03:01.0974 5908 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

14:03:02.0021 5908 NDIS - ok

14:03:02.0052 5908 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

14:03:02.0083 5908 NdisCap - ok

14:03:02.0114 5908 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

14:03:02.0146 5908 NdisTapi - ok

14:03:02.0146 5908 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

14:03:02.0224 5908 Ndisuio - ok

14:03:02.0255 5908 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

14:03:02.0333 5908 NdisWan - ok

14:03:02.0364 5908 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

14:03:02.0395 5908 NDProxy - ok

14:03:02.0411 5908 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

14:03:02.0442 5908 NetBIOS - ok

14:03:02.0473 5908 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

14:03:02.0504 5908 NetBT - ok

14:03:02.0551 5908 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:03:02.0551 5908 Netlogon - ok

14:03:02.0582 5908 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

14:03:02.0645 5908 Netman - ok

14:03:02.0894 5908 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

14:03:02.0910 5908 NetMsmqActivator - ok

14:03:02.0941 5908 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

14:03:02.0957 5908 NetPipeActivator - ok

14:03:03.0004 5908 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

14:03:03.0066 5908 netprofm - ok

14:03:03.0066 5908 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

14:03:03.0082 5908 NetTcpActivator - ok

14:03:03.0082 5908 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

14:03:03.0097 5908 NetTcpPortSharing - ok

14:03:03.0238 5908 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

14:03:03.0269 5908 nfrd960 - ok

14:03:03.0316 5908 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

14:03:03.0425 5908 NlaSvc - ok

14:03:03.0518 5908 Norton PC Checkup Application Launcher - ok

14:03:03.0565 5908 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

14:03:03.0643 5908 Npfs - ok

14:03:03.0690 5908 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

14:03:03.0768 5908 nsi - ok

14:03:03.0768 5908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

14:03:03.0830 5908 nsiproxy - ok

14:03:03.0908 5908 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

14:03:03.0986 5908 Ntfs - ok

14:03:04.0376 5908 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

14:03:04.0439 5908 Null - ok

14:03:04.0470 5908 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

14:03:04.0470 5908 nvraid - ok

14:03:04.0486 5908 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

14:03:04.0501 5908 nvstor - ok

14:03:04.0517 5908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

14:03:04.0532 5908 nv_agp - ok

14:03:04.0548 5908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

14:03:04.0564 5908 ohci1394 - ok

14:03:04.0720 5908 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:03:04.0735 5908 ose - ok

14:03:05.0125 5908 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:03:05.0281 5908 osppsvc - ok

14:03:05.0578 5908 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:03:05.0624 5908 p2pimsvc - ok

14:03:05.0702 5908 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

14:03:05.0734 5908 p2psvc - ok

14:03:05.0843 5908 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

14:03:05.0874 5908 Parport - ok

14:03:05.0921 5908 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

14:03:05.0936 5908 partmgr - ok

14:03:05.0968 5908 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

14:03:06.0030 5908 PcaSvc - ok

14:03:06.0139 5908 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

14:03:06.0170 5908 PCCUJobMgr - ok

14:03:06.0217 5908 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

14:03:06.0248 5908 pci - ok

14:03:06.0264 5908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

14:03:06.0280 5908 pciide - ok

14:03:06.0311 5908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

14:03:06.0342 5908 pcmcia - ok

14:03:06.0358 5908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

14:03:06.0373 5908 pcw - ok

14:03:06.0420 5908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

14:03:06.0514 5908 PEAUTH - ok

14:03:06.0779 5908 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

14:03:06.0826 5908 PerfHost - ok

14:03:06.0872 5908 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

14:03:06.0888 5908 PGEffect - ok

14:03:06.0982 5908 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

14:03:07.0091 5908 pla - ok

14:03:07.0169 5908 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

14:03:07.0216 5908 PlugPlay - ok

14:03:07.0262 5908 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

14:03:07.0294 5908 PNRPAutoReg - ok

14:03:07.0325 5908 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:03:07.0356 5908 PNRPsvc - ok

14:03:07.0403 5908 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

14:03:07.0465 5908 PolicyAgent - ok

14:03:07.0512 5908 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

14:03:07.0590 5908 Power - ok

14:03:07.0730 5908 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

14:03:07.0808 5908 PptpMiniport - ok

14:03:07.0840 5908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

14:03:07.0871 5908 Processor - ok

14:03:07.0918 5908 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

14:03:07.0964 5908 ProfSvc - ok

14:03:07.0996 5908 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:03:08.0011 5908 ProtectedStorage - ok

14:03:08.0058 5908 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

14:03:08.0152 5908 Psched - ok

14:03:08.0198 5908 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

14:03:08.0230 5908 QIOMem - ok

14:03:08.0308 5908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

14:03:08.0370 5908 ql2300 - ok

14:03:08.0776 5908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

14:03:08.0807 5908 ql40xx - ok

14:03:08.0854 5908 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

14:03:08.0900 5908 QWAVE - ok

14:03:08.0900 5908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

14:03:08.0947 5908 QWAVEdrv - ok

14:03:08.0947 5908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

14:03:09.0010 5908 RasAcd - ok

14:03:09.0041 5908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

14:03:09.0103 5908 RasAgileVpn - ok

14:03:09.0134 5908 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

14:03:09.0212 5908 RasAuto - ok

14:03:09.0244 5908 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

14:03:09.0290 5908 Rasl2tp - ok

14:03:09.0306 5908 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

14:03:09.0337 5908 RasMan - ok

14:03:09.0368 5908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

14:03:09.0415 5908 RasPppoe - ok

14:03:09.0446 5908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

14:03:09.0509 5908 RasSstp - ok

14:03:09.0540 5908 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

14:03:09.0618 5908 rdbss - ok

14:03:09.0634 5908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

14:03:09.0649 5908 rdpbus - ok

14:03:09.0680 5908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

14:03:09.0727 5908 RDPCDD - ok

14:03:09.0727 5908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

14:03:09.0774 5908 RDPENCDD - ok

14:03:09.0790 5908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

14:03:09.0821 5908 RDPREFMP - ok

14:03:09.0836 5908 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

14:03:09.0883 5908 RDPWD - ok

14:03:09.0930 5908 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

14:03:09.0946 5908 rdyboost - ok

14:03:09.0961 5908 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

14:03:10.0024 5908 RemoteAccess - ok

14:03:10.0070 5908 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

14:03:10.0133 5908 RemoteRegistry - ok

14:03:10.0164 5908 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

14:03:10.0195 5908 RpcEptMapper - ok

14:03:10.0226 5908 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

14:03:10.0226 5908 RpcLocator - ok

14:03:10.0258 5908 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

14:03:10.0304 5908 RpcSs - ok

14:03:10.0336 5908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

14:03:10.0414 5908 rspndr - ok

14:03:10.0492 5908 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys

14:03:10.0523 5908 RSUSBSTOR - ok

14:03:10.0538 5908 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys

14:03:10.0554 5908 RSUSBVSTOR - ok

14:03:10.0585 5908 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:03:10.0616 5908 SamSs - ok

14:03:10.0648 5908 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

14:03:10.0679 5908 sbp2port - ok

14:03:10.0726 5908 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

14:03:10.0804 5908 SCardSvr - ok

14:03:10.0804 5908 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

14:03:10.0866 5908 scfilter - ok

14:03:10.0913 5908 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

14:03:10.0975 5908 Schedule - ok

14:03:11.0006 5908 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

14:03:11.0084 5908 SCPolicySvc - ok

14:03:11.0116 5908 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

14:03:11.0178 5908 SDRSVC - ok

14:03:11.0303 5908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

14:03:11.0381 5908 secdrv - ok

14:03:11.0428 5908 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

14:03:11.0474 5908 seclogon - ok

14:03:11.0474 5908 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

14:03:11.0521 5908 SENS - ok

14:03:11.0552 5908 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

14:03:11.0584 5908 SensrSvc - ok

14:03:11.0630 5908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

14:03:11.0662 5908 Serenum - ok

14:03:11.0677 5908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

14:03:11.0708 5908 Serial - ok

14:03:11.0724 5908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

14:03:11.0755 5908 sermouse - ok

14:03:11.0802 5908 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

14:03:11.0896 5908 SessionEnv - ok

14:03:11.0896 5908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

14:03:11.0911 5908 sffdisk - ok

14:03:11.0942 5908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

14:03:11.0974 5908 sffp_mmc - ok

14:03:11.0974 5908 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

14:03:12.0020 5908 sffp_sd - ok

14:03:12.0020 5908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

14:03:12.0052 5908 sfloppy - ok

14:03:12.0098 5908 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

14:03:12.0161 5908 SharedAccess - ok

14:03:12.0208 5908 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

14:03:12.0301 5908 ShellHWDetection - ok

14:03:12.0332 5908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

14:03:12.0332 5908 SiSRaid2 - ok

14:03:12.0364 5908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

14:03:12.0379 5908 SiSRaid4 - ok

14:03:12.0395 5908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

14:03:12.0488 5908 Smb - ok

14:03:12.0535 5908 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

14:03:12.0566 5908 SNMPTRAP - ok

14:03:12.0566 5908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

14:03:12.0598 5908 spldr - ok

14:03:12.0629 5908 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

14:03:12.0691 5908 Spooler - ok

14:03:12.0847 5908 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

14:03:12.0956 5908 sppsvc - ok

14:03:13.0237 5908 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

14:03:13.0315 5908 sppuinotify - ok

14:03:13.0456 5908 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

14:03:13.0534 5908 srv - ok

14:03:13.0565 5908 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

14:03:13.0596 5908 srv2 - ok

14:03:13.0643 5908 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS

14:03:13.0674 5908 SrvHsfHDA - ok

14:03:13.0768 5908 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS

14:03:13.0846 5908 SrvHsfV92 - ok

14:03:14.0267 5908 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS

14:03:14.0314 5908 SrvHsfWinac - ok

14:03:14.0345 5908 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

14:03:14.0376 5908 srvnet - ok

14:03:14.0407 5908 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

14:03:14.0501 5908 SSDPSRV - ok

14:03:14.0516 5908 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

14:03:14.0563 5908 SstpSvc - ok

14:03:14.0594 5908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

14:03:14.0610 5908 stexstor - ok

14:03:14.0657 5908 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

14:03:14.0719 5908 stisvc - ok

14:03:14.0719 5908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

14:03:14.0735 5908 swenum - ok

14:03:14.0797 5908 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

14:03:14.0860 5908 swprv - ok

14:03:14.0969 5908 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

14:03:15.0016 5908 SynTP - ok

14:03:15.0421 5908 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

14:03:15.0484 5908 SysMain - ok

14:03:15.0764 5908 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

14:03:15.0827 5908 TabletInputService - ok

14:03:15.0858 5908 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

14:03:15.0889 5908 TapiSrv - ok

14:03:15.0905 5908 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

14:03:15.0936 5908 TBS - ok

14:03:16.0154 5908 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

14:03:16.0232 5908 Tcpip - ok

14:03:16.0716 5908 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

14:03:16.0763 5908 TCPIP6 - ok

14:03:17.0153 5908 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

14:03:17.0231 5908 tcpipreg - ok

14:03:17.0278 5908 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

14:03:17.0293 5908 tdcmdpst - ok

14:03:17.0309 5908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

14:03:17.0340 5908 TDPIPE - ok

14:03:17.0371 5908 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

14:03:17.0418 5908 TDTCP - ok

14:03:17.0434 5908 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

14:03:17.0496 5908 tdx - ok

14:03:17.0527 5908 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

14:03:17.0543 5908 TermDD - ok

14:03:17.0574 5908 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

14:03:17.0636 5908 TermService - ok

14:03:17.0652 5908 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

14:03:17.0668 5908 Themes - ok

14:03:17.0699 5908 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:03:17.0761 5908 THREADORDER - ok

14:03:17.0839 5908 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

14:03:17.0870 5908 TMachInfo - ok

14:03:17.0917 5908 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe

14:03:17.0948 5908 TODDSrv - ok

14:03:18.0042 5908 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

14:03:18.0089 5908 TosCoSrv - ok

14:03:18.0214 5908 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

14:03:18.0245 5908 TOSHIBA Bluetooth Service - ok

14:03:18.0307 5908 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe

14:03:18.0338 5908 TOSHIBA eco Utility Service - ok

14:03:18.0432 5908 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

14:03:18.0448 5908 TOSHIBA HDD SSD Alert Service - ok

14:03:18.0838 5908 tosrfbd (09cf82c0068c7cff7e2b3797be7f5cc2) C:\windows\system32\DRIVERS\tosrfbd.sys

14:03:18.0869 5908 tosrfbd - ok

14:03:18.0884 5908 Tosrfcom - ok

14:03:18.0916 5908 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys

14:03:18.0931 5908 tosrfec - ok

14:03:18.0978 5908 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys

14:03:18.0994 5908 Tosrfusb - ok

14:03:19.0056 5908 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

14:03:19.0087 5908 tos_sps64 - ok

14:03:19.0181 5908 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

14:03:19.0243 5908 TPCHSrv - ok

14:03:19.0540 5908 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

14:03:19.0633 5908 TrkWks - ok

14:03:19.0696 5908 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

14:03:19.0774 5908 TrustedInstaller - ok

14:03:19.0867 5908 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

14:03:19.0961 5908 tssecsrv - ok

14:03:19.0992 5908 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

14:03:20.0008 5908 TsUsbFlt - ok

14:03:20.0008 5908 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

14:03:20.0039 5908 TsUsbGD - ok

14:03:20.0086 5908 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

14:03:20.0179 5908 tunnel - ok

14:03:20.0226 5908 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

14:03:20.0242 5908 TVALZ - ok

14:03:20.0273 5908 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

14:03:20.0288 5908 TVALZFL - ok

14:03:20.0335 5908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

14:03:20.0366 5908 uagp35 - ok

14:03:20.0398 5908 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

14:03:20.0476 5908 udfs - ok

14:03:20.0522 5908 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

14:03:20.0538 5908 UI0Detect - ok

14:03:20.0554 5908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

14:03:20.0569 5908 uliagpkx - ok

14:03:20.0585 5908 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

14:03:20.0600 5908 umbus - ok

14:03:20.0632 5908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

14:03:20.0663 5908 UmPass - ok

14:03:20.0928 5908 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

14:03:20.0990 5908 UNS - ok

14:03:21.0302 5908 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

14:03:21.0380 5908 upnphost - ok

14:03:21.0521 5908 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

14:03:21.0568 5908 usbccgp - ok

14:03:21.0583 5908 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

14:03:21.0614 5908 usbcir - ok

14:03:21.0646 5908 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

14:03:21.0661 5908 usbehci - ok

14:03:21.0708 5908 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

14:03:21.0755 5908 usbhub - ok

14:03:21.0770 5908 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

14:03:21.0802 5908 usbohci - ok

14:03:21.0817 5908 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

14:03:21.0864 5908 usbprint - ok

14:03:21.0880 5908 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

14:03:21.0926 5908 USBSTOR - ok

14:03:21.0958 5908 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

14:03:21.0989 5908 usbuhci - ok

14:03:22.0020 5908 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

14:03:22.0067 5908 usbvideo - ok

14:03:22.0098 5908 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

14:03:22.0160 5908 UxSms - ok

14:03:22.0176 5908 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:03:22.0207 5908 VaultSvc - ok

14:03:22.0254 5908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

14:03:22.0285 5908 vdrvroot - ok

14:03:22.0348 5908 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

14:03:22.0441 5908 vds - ok

14:03:22.0441 5908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

14:03:22.0457 5908 vga - ok

14:03:22.0457 5908 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

14:03:22.0504 5908 VgaSave - ok

14:03:22.0519 5908 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

14:03:22.0535 5908 vhdmp - ok

14:03:22.0566 5908 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

14:03:22.0582 5908 viaide - ok

14:03:22.0597 5908 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

14:03:22.0628 5908 volmgr - ok

14:03:22.0675 5908 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

14:03:22.0706 5908 volmgrx - ok

14:03:22.0722 5908 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

14:03:22.0753 5908 volsnap - ok

14:03:22.0816 5908 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

14:03:22.0847 5908 vsmraid - ok

14:03:22.0940 5908 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

14:03:23.0050 5908 VSS - ok

14:03:23.0424 5908 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

14:03:23.0455 5908 vwifibus - ok

14:03:23.0486 5908 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

14:03:23.0533 5908 vwififlt - ok

14:03:23.0611 5908 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

14:03:23.0689 5908 W32Time - ok

14:03:23.0720 5908 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

14:03:23.0752 5908 WacomPen - ok

14:03:23.0783 5908 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

14:03:23.0861 5908 WANARP - ok

14:03:23.0861 5908 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

14:03:23.0923 5908 Wanarpv6 - ok

14:03:24.0017 5908 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

14:03:24.0079 5908 WatAdminSvc - ok

14:03:24.0173 5908 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

14:03:24.0235 5908 wbengine - ok

14:03:24.0547 5908 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

14:03:24.0594 5908 WbioSrvc - ok

14:03:24.0610 5908 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

14:03:24.0672 5908 wcncsvc - ok

14:03:24.0688 5908 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

14:03:24.0734 5908 WcsPlugInService - ok

14:03:24.0859 5908 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

14:03:24.0890 5908 Wd - ok

14:03:24.0922 5908 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

14:03:24.0968 5908 Wdf01000 - ok

14:03:25.0000 5908 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:03:25.0093 5908 WdiServiceHost - ok

14:03:25.0093 5908 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:03:25.0124 5908 WdiSystemHost - ok

14:03:25.0171 5908 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

14:03:25.0234 5908 WebClient - ok

14:03:25.0265 5908 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

14:03:25.0327 5908 Wecsvc - ok

14:03:25.0343 5908 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

14:03:25.0374 5908 wercplsupport - ok

14:03:25.0421 5908 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

14:03:25.0514 5908 WerSvc - ok

14:03:25.0639 5908 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

14:03:25.0717 5908 WfpLwf - ok

14:03:25.0733 5908 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

14:03:25.0733 5908 WIMMount - ok

14:03:25.0795 5908 WinDefend - ok

14:03:25.0811 5908 WinHttpAutoProxySvc - ok

14:03:25.0951 5908 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

14:03:26.0029 5908 Winmgmt - ok

14:03:26.0138 5908 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

14:03:26.0248 5908 WinRM - ok

14:03:26.0575 5908 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

14:03:26.0653 5908 Wlansvc - ok

14:03:26.0747 5908 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:03:26.0762 5908 wlcrasvc - ok

14:03:26.0903 5908 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:03:26.0965 5908 wlidsvc - ok

14:03:27.0340 5908 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

14:03:27.0371 5908 WmiAcpi - ok

14:03:27.0527 5908 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

14:03:27.0558 5908 wmiApSrv - ok

14:03:27.0636 5908 WMPNetworkSvc - ok

14:03:27.0683 5908 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

14:03:27.0730 5908 WPCSvc - ok

14:03:27.0745 5908 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

14:03:27.0776 5908 WPDBusEnum - ok

14:03:27.0808 5908 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

14:03:27.0870 5908 ws2ifsl - ok

14:03:27.0886 5908 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

14:03:27.0917 5908 wscsvc - ok

14:03:27.0917 5908 WSearch - ok

14:03:28.0042 5908 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

14:03:28.0120 5908 wuauserv - ok

14:03:28.0494 5908 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

14:03:28.0603 5908 WudfPf - ok

14:03:28.0619 5908 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

14:03:28.0712 5908 WUDFRd - ok

14:03:28.0759 5908 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

14:03:28.0822 5908 wudfsvc - ok

14:03:28.0837 5908 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

14:03:28.0868 5908 WwanSvc - ok

14:03:28.0931 5908 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

14:03:29.0633 5908 \Device\Harddisk0\DR0 - ok

14:03:29.0664 5908 Boot (0x1200) (ef4e68f9ec02aabec2867b5de2945259) \Device\Harddisk0\DR0\Partition0

14:03:29.0664 5908 \Device\Harddisk0\DR0\Partition0 - ok

14:03:29.0664 5908 ============================================================

14:03:29.0664 5908 Scan finished

14:03:29.0664 5908 ============================================================

14:03:29.0695 0304 Detected object count: 1

14:03:29.0695 0304 Actual detected object count: 1

14:04:09.0257 0304 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine

14:04:09.0257 0304 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine


I ran GMER as instructed, but after the scan (very long) I got a message box that said that it 'hasn't found any system modifications'. The main screen was empty, and when I pushed copy nothing appeared.

Here are the logs from OTL:

OTL logfile created on: 6/27/2012 2:12:27 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Joyce\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 73.87% Memory free

11.90 Gb Paging File | 10.20 Gb Available in Paging File | 85.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.62 Gb Total Space | 404.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: Joyce | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 14:11:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce\Downloads\OTL (2).exe

PRC - [2012/04/16 13:36:01 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

PRC - [2011/07/19 05:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

PRC - [2011/07/19 05:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

PRC - [2010/12/20 15:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/20 15:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/06/04 13:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/01 08:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2011/06/09 18:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2011/05/24 06:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2011/05/17 11:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/10/20 11:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/23 08:02:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/07/19 05:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2011/07/19 05:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2011/07/11 14:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2011/04/01 14:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2010/12/20 15:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/12/20 15:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/10/12 07:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/08/31 09:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/07/08 14:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2011/07/07 12:02:00 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/05/20 06:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/23 08:03:00 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)

DRV:64bit: - [2011/02/08 16:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/02/03 16:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/01/27 12:27:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)

DRV:64bit: - [2010/12/17 16:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/12/01 13:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/11/20 17:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 17:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 17:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/08 09:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/10/19 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/18 11:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2010/10/14 22:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/06/18 13:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)

DRV:64bit: - [2009/07/30 17:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 12:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/24 12:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/06/19 16:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/15 10:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)

DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0AFB508D-692E-4284-A223-F16CD6262481}

IE:64bit: - HKLM\..\SearchScopes\{0AFB508D-692E-4284-A223-F16CD6262481}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0AFB508D-692E-4284-A223-F16CD6262481}

IE - HKLM\..\SearchScopes\{0AFB508D-692E-4284-A223-F16CD6262481}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3196716

IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {4BBCB661-490B-4B73-9F25-4084943E3DA1}

IE - HKCU\..\SearchScopes\{0AFB508D-692E-4284-A223-F16CD6262481}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKCU\..\SearchScopes\{3A362049-F5FA-4113-ABEC-BC645154FB6F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716

IE - HKCU\..\SearchScopes\{4BBCB661-490B-4B73-9F25-4084943E3DA1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS480

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 08:29:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/26 12:26:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/04/16 13:15:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/04/16 13:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joyce\AppData\Roaming\Mozilla\Extensions

[2012/04/25 17:19:19 | 000,564,731 | ---- | M] () (No name found) -- C:\USERS\JOYCE\APPDATA\ROAMING\THUNDERBIRD\PROFILES\I6CMFF2T.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B772149-B9A1-4327-8159-3F3E9E61D3DA}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6D64AE0-9887-44F5-819C-D89219763887}: DhcpNameServer = 50.50.0.50

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 14:04:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/06/27 14:00:47 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joyce\Desktop\tdsskiller.exe

[2012/06/27 13:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/06/27 13:31:22 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Local\Conduit

[2012/06/27 13:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert

[2012/06/26 08:04:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joyce\Desktop\dds.com

[2012/06/24 17:15:22 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Roaming\Malwarebytes

[2012/06/24 17:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/24 17:15:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/06/24 17:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/24 17:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/24 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery

[2012/06/24 06:32:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll

[2012/06/24 06:32:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe

[2012/06/24 06:32:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll

[2012/06/24 06:32:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll

[2012/06/24 06:32:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll

[2012/06/24 06:32:17 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll

[2012/06/24 06:32:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll

[2012/06/24 06:32:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe

[2012/06/17 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Local\Diagnostics

[2012/06/13 07:26:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/06/13 07:26:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/06/13 07:26:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/06/13 07:26:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/06/13 07:26:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/06/13 07:26:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/06/13 07:26:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/06/13 07:26:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/06/13 07:26:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/06/13 07:26:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/06/13 07:26:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/06/13 07:26:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/06/13 07:26:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/06/12 11:38:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2012/06/12 11:38:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

[2012/06/12 11:38:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

[2012/06/12 11:38:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012/06/12 11:38:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012/06/12 11:38:15 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012/06/12 11:38:14 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll

[2012/06/12 11:38:08 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2012/06/12 11:38:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2012/06/11 08:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/06/07 19:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Book Place

[2012/06/07 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Local\Kjs.AppLife.Update

[2012/06/07 19:18:21 | 000,000,000 | ---D | C] -- C:\Users\Joyce\Documents\Book Place

[2012/06/07 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\Joyce\AppData\Roaming\Book Place

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 14:00:50 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joyce\Desktop\tdsskiller.exe

[2012/06/27 13:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/06/27 13:58:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/27 13:58:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/27 13:55:18 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/06/27 13:55:18 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/06/27 13:55:18 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/06/27 13:51:17 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/27 13:51:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/06/27 13:50:59 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/27 13:31:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/27 05:59:13 | 100,746,374 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm

[2012/06/26 08:04:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joyce\Desktop\dds.com

[2012/06/25 18:50:53 | 000,263,267 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm

[2012/06/24 19:13:44 | 000,001,579 | ---- | M] () -- C:\Users\Joyce\Desktop\Hearts - Shortcut.lnk

[2012/06/24 18:33:55 | 000,001,593 | ---- | M] () -- C:\Users\Joyce\Desktop\Mozilla.lnk

[2012/06/24 18:33:08 | 000,001,689 | ---- | M] () -- C:\Users\Joyce\Desktop\Word.lnk

[2012/06/24 18:32:49 | 000,001,700 | ---- | M] () -- C:\Users\Joyce\Desktop\POWERPNT - Shortcut.lnk

[2012/06/24 18:32:03 | 000,001,669 | ---- | M] () -- C:\Users\Joyce\Desktop\Excel.lnk

[2012/06/24 17:15:16 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/24 17:05:38 | 000,000,152 | ---- | M] () -- C:\ProgramData\-0UsElvON0Pc1Bcr

[2012/06/24 17:05:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\-0UsElvON0Pc1Bc

[2012/06/24 17:05:36 | 000,000,690 | ---- | M] () -- C:\Users\Joyce\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

[2012/06/24 17:05:33 | 000,000,256 | ---- | M] () -- C:\ProgramData\0UsElvON0Pc1Bc

[2012/06/23 08:02:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/06/23 08:02:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/06/20 11:38:23 | 029,725,628 | ---- | M] () -- C:\Users\Joyce\Documents\Thunderbird 12.0.1 (en-US) - 2012-06-20.pcv

[2012/06/13 09:01:01 | 000,341,296 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/06/11 08:29:20 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/06/10 06:16:52 | 000,773,050 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll

[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe

[2012/06/02 12:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll

[2012/06/02 12:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe

[2012/06/02 12:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll

[2012/06/02 12:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll

[2012/06/02 12:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll

[2012/06/02 12:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 13:42:25 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2012/06/27 13:42:25 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/06/27 13:42:25 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012/06/27 13:42:25 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012/06/27 13:42:25 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2012/06/27 13:42:25 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

[2012/06/27 13:42:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2012/06/27 13:42:25 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2012/06/27 13:42:25 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2012/06/27 13:42:25 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2012/06/27 13:42:25 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk

[2012/06/27 13:42:25 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/06/27 13:42:24 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

[2012/06/27 13:42:24 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2012/06/27 13:42:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2012/06/27 13:42:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/06/27 13:42:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/06/27 13:42:22 | 000,001,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk

[2012/06/24 19:13:44 | 000,001,579 | ---- | C] () -- C:\Users\Joyce\Desktop\Hearts - Shortcut.lnk

[2012/06/24 18:33:55 | 000,001,593 | ---- | C] () -- C:\Users\Joyce\Desktop\Mozilla.lnk

[2012/06/24 18:33:08 | 000,001,689 | ---- | C] () -- C:\Users\Joyce\Desktop\Word.lnk

[2012/06/24 18:32:49 | 000,001,700 | ---- | C] () -- C:\Users\Joyce\Desktop\POWERPNT - Shortcut.lnk

[2012/06/24 18:32:03 | 000,001,669 | ---- | C] () -- C:\Users\Joyce\Desktop\Excel.lnk

[2012/06/24 17:15:16 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/24 17:05:38 | 000,000,152 | ---- | C] () -- C:\ProgramData\-0UsElvON0Pc1Bcr

[2012/06/24 17:05:37 | 000,000,000 | ---- | C] () -- C:\ProgramData\-0UsElvON0Pc1Bc

[2012/06/24 17:05:36 | 000,000,690 | ---- | C] () -- C:\Users\Joyce\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

[2012/06/24 17:05:33 | 000,000,256 | ---- | C] () -- C:\ProgramData\0UsElvON0Pc1Bc

[2012/06/20 11:38:06 | 029,725,628 | ---- | C] () -- C:\Users\Joyce\Documents\Thunderbird 12.0.1 (en-US) - 2012-06-20.pcv

[2012/06/07 19:29:13 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/31 09:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/08/31 09:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/08/31 09:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/08/31 09:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2011/08/31 09:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2011/02/03 16:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/04/16 12:45:21 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\AVG2012

[2012/06/07 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Book Place

[2012/04/16 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Thunderbird

[2012/04/18 07:11:20 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Tific

[2012/04/16 12:28:50 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\Toshiba

[2012/04/16 12:20:54 | 000,000,000 | ---D | M] -- C:\Users\Joyce\AppData\Roaming\WinBatch

[2009/07/13 19:08:49 | 000,021,658 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/27/2012 2:12:27 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Joyce\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 73.87% Memory free

11.90 Gb Paging File | 10.20 Gb Available in Paging File | 85.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.62 Gb Total Space | 404.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: Joyce | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0AD08226-5C37-4DD1-976E-B98D08F4ABCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0C1BDA28-7E2F-4EFD-AF48-05CB4F71CEE2}" = rport=10243 | protocol=6 | dir=out | app=system |

"{2DFF034E-1B3F-4E48-8944-806B508759AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2FDBEAB0-72B9-4ACC-83DB-27B36BBA08B5}" = rport=139 | protocol=6 | dir=out | app=system |

"{3395C4B1-87CA-4262-86EE-380DCDEE4452}" = rport=138 | protocol=17 | dir=out | app=system |

"{3EBE1FFD-0110-493B-B313-A9D7EEF4C11E}" = rport=445 | protocol=6 | dir=out | app=system |

"{43AA7A29-D948-418A-880C-6F4E2ADB64E2}" = lport=139 | protocol=6 | dir=in | app=system |

"{448B9F09-636C-4487-83AF-3F323465023C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{45B5CDAD-7AAB-4EE9-BE36-BADF7196A92B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{72AF5C45-0076-4822-91E0-9FE9FBB9108E}" = lport=137 | protocol=17 | dir=in | app=system |

"{74FD300F-D2C7-4A97-BF33-6980BCF600B1}" = rport=137 | protocol=17 | dir=out | app=system |

"{86EA9215-F541-4F12-A03A-7FDF86E139E4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{96379E79-EDB3-4AD0-A348-6D9E479D04A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{9D6B6896-E696-436C-A122-A7FF13975742}" = lport=138 | protocol=17 | dir=in | app=system |

"{B1CBB235-06D5-44A7-A0E6-A021880620C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B2AC192B-4D20-49C5-84B3-A576DCACEBAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C0C7215F-7951-4D53-AD4D-6B3CC8E94A31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C6B29912-2B19-48D1-AA5F-2EF98C2DFA23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D8151D2C-C66D-43DF-8C8A-7F704B2C4875}" = lport=10243 | protocol=6 | dir=in | app=system |

"{DAC149F3-71A3-4102-AA4D-30FACA3033E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E68BCF30-B7E5-43DC-AA12-9BDA298A86E4}" = lport=445 | protocol=6 | dir=in | app=system |

"{ECE60CC3-9D67-4403-AF59-4E3C8C4BDA98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F44B56C4-B71A-4D94-BE9C-D6D80D16CDD3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{F847AE1C-BBEF-4833-BA62-511E61E71342}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FF7AC202-B0FA-43C1-A112-5BA874211943}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04CEC340-2DA7-493C-BF96-1B03985FE5F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{0858B167-102D-4EA3-B64C-3A7D5190F0FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0A7B8878-E9EE-47BE-9923-54CF19C3A7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{112C8AF8-CD1A-4139-AD73-460BB2044705}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{13D7EC2C-3F04-45D8-BB65-13EFBC8CC87F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{18EF97D9-9E61-4429-89E9-08F830E9E38B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{1A81A0EB-13FE-465A-B845-E59827742BA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{252CA925-BA77-4190-9839-B7C788A32C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{27D76825-DDBF-45D8-95FC-EC36FAD1E652}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{31BE9373-CE5C-4A1C-849A-69308F499D09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3B594D25-93ED-4EFF-9A0F-B4D6316B000F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4689ECCE-7916-4500-B28A-7C38E3A9702C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{4D1938BA-5096-4656-9453-E87BAE2831C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{56750813-2DEB-431C-9BBF-2DC5534E51BD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{59F6AA48-809A-467A-82AB-740F7E4CAA79}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{787DA264-623B-4826-BC05-D3C56A16B71F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{799DF9E4-3766-4589-9C34-44E1F5B50446}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{902CA8DA-6381-4BCE-BBC0-D3586F1C073F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{93B4E719-AE66-4853-B083-A07A414B8EBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{945E1027-428D-423D-90B6-495CC42AF4AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{97C9FCD5-ED4A-4A8F-A29A-34C07ADB3409}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{9B88AFCD-7DF6-445C-9C34-5F5F3653E3A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{9C454FCB-4433-40D2-BC26-7FFF5E2EB0C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A790E0A4-85F5-4396-86A6-C84509C8C2BF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A7DBBE3D-69BC-491C-8E40-2ECD1620E021}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{A7DC7ADA-557E-4D2B-B4DC-ABABC38108FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A812DBE1-F473-4874-9CD2-A88DD9986FDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A8CCD001-9EBA-4540-9AA6-6B8FFE00ED48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AE959908-7F14-4426-8C6E-783F808E41B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C9E4C857-2AE9-4315-AB69-B22A124CDE5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CDE32480-BFE6-44D1-9DFD-C77F31DFF078}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D294B24A-7243-4335-B9DC-B8A5F8305812}" = protocol=6 | dir=out | app=system |

"{D853A78D-93E5-488C-9795-97AF9DEDEB11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{D86DC020-064F-4962-8A29-50E903CD4210}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{DF08559A-CC73-4E64-8643-E74F605A6006}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E24E2DBB-6EF2-4D35-A74B-DC054B60FFA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{E76712C1-CDC8-46A0-9DA0-8761F3C5E9D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F3EE523C-6CDB-4421-99C8-71DF7BCFEEEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012

"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility

"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"AVG" = AVG 2012

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration

"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Google Chrome" = Google Chrome

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MozBackup" = MozBackup 1.5.1

"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)

"NortonPCCheckup" = Toshiba Laptop Checkup

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WiseConvert Toolbar" = WiseConvert Toolbar

"WTA-05a36915-ab0b-4afb-91f4-85c38665ca8a" = Polar Bowler

"WTA-14f835bc-c0d2-4206-ab27-88e1661322a9" = Plants vs. Zombies - Game of the Year

"WTA-274138f0-21fd-4e6f-8a2b-6e3018c67a30" = Zuma's Revenge

"WTA-43378099-d046-4cdc-a852-6fac76352101" = RollerCoaster Tycoon 3: Platinum

"WTA-4d3db7cc-9fa7-4f89-b360-7baa7eecaed5" = Bejeweled 3

"WTA-4de2cb34-3477-4d28-980f-a2bb3004cf1b" = Letters from Nowhere 2

"WTA-aabc3804-6e0b-47ed-89c9-0f18583fbd03" = Tales of Lagoona

"WTA-bd43cf5c-c367-41ab-b1ff-ca18fd300e31" = FATE - The Traitor Soul

"WTA-c25213e7-7df6-4e91-a1f5-85b340f4f8e1" = Virtual Villagers 4 - The Tree of Life

"WTA-e57f0014-a6e8-45fe-941a-d03413c3f943" = Penguins!

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/11/2012 1:07:47 AM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

Error - 6/11/2012 12:21:39 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0

Description =

Error - 6/11/2012 12:22:35 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 6/11/2012 2:35:11 PM | Computer Name = Joyce-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 6/12/2012 1:35:29 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0

Description =

Error - 6/12/2012 1:36:23 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/13/2012 1:22:53 PM | Computer Name = Joyce-PC | Source = Toshiba App Place | ID = 0

Description =

Error - 6/13/2012 1:23:47 PM | Computer Name = Joyce-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874

Description = An SSL 3.0 connection request was received from a remote client application,

but none of the cipher suites supported by the client application are supported

by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 40. The internal error state

is 107.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874

Description = An SSL 3.0 connection request was received from a remote client application,

but none of the cipher suites supported by the client application are supported

by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:14 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 40. The internal error state

is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874

Description = An SSL 3.0 connection request was received from a remote client application,

but none of the cipher suites supported by the client application are supported

by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 40. The internal error state

is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874

Description = An SSL 3.0 connection request was received from a remote client application,

but none of the cipher suites supported by the client application are supported

by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 40. The internal error state

is 107.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36874

Description = An SSL 3.0 connection request was received from a remote client application,

but none of the cipher suites supported by the client application are supported

by the server. The SSL connection request has failed.

Error - 6/21/2012 3:17:15 PM | Computer Name = Joyce-PC | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 40. The internal error state

is 107.

< End of report >


Last but not least, the results of Security Check:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 25

Java version out of Date!

Adobe Reader X (10.1.3)

Mozilla Thunderbird (12.0.1)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6%

````````````````````End of Log``````````````````````

I cannot thank you enough! Joyce


Joyce,

You are very welcome. I am very glad to see you have made good headway. The real genius is Grinler at BC.

You are over the main hurdle. Now some additional checks to see if there are remnants of the rogue malware.

MBAM run

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Next

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member joyceschiffer1 only. If you are a casual viewer, do NOT try this on your system!

If you are not joyce and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Next

RE-Enable your antivirus program.

Java maintenance

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Reply with a copy of the C:\Combofix.txt log and the MBAM scan log for review.

Edited by Maurice Naggar

Here is the MBAM scan log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.28.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Joyce :: JOYCE-PC [administrator]

6/28/2012 1:26:57 PM

mbam-log-2012-06-28 (13-26-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211116

Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

And the Combofix log:

ComboFix 12-06-28.03 - Joyce 06/28/2012 13:35:53.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4513 [GMT -10:00]

Running from: c:\users\Joyce\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\0UsElvON0Pc1Bc

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))

.

.

2012-06-28 00:23 . 2012-06-28 00:24 -------- d-----w- C:\ARK

2012-06-28 00:04 . 2012-06-28 00:04 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-27 23:31 . 2012-06-27 23:31 -------- d-----w- c:\program files (x86)\Conduit

2012-06-27 23:31 . 2012-06-27 23:31 -------- d-----w- c:\users\Joyce\AppData\Local\Conduit

2012-06-27 23:31 . 2012-06-27 23:35 -------- d-----w- c:\program files (x86)\WiseConvert

2012-06-25 03:15 . 2012-06-25 03:15 -------- d-----w- c:\users\Joyce\AppData\Roaming\Malwarebytes

2012-06-25 03:15 . 2012-06-25 03:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-25 03:15 . 2012-06-25 03:15 -------- d-----w- c:\programdata\Malwarebytes

2012-06-25 03:15 . 2012-04-05 01:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-24 16:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 16:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 16:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 16:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 16:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 16:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 16:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 16:32 . 2012-06-03 01:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 16:32 . 2012-06-03 01:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 04:13 . 2012-06-18 04:13 -------- d-----w- c:\users\Joyce\AppData\Local\Diagnostics

2012-06-12 21:38 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-08 05:31 . 2012-06-08 05:31 -------- d-----w- c:\programdata\Book Place

2012-06-08 05:30 . 2012-06-08 05:30 -------- d-----w- c:\users\Public\Book Place

2012-06-08 05:26 . 2012-06-08 05:31 -------- d-----w- c:\users\Joyce\AppData\Local\Kjs.AppLife.Update

2012-06-08 05:18 . 2012-06-08 05:31 -------- d-----w- c:\users\Joyce\AppData\Roaming\Book Place

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 18:02 . 2012-04-24 15:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 18:02 . 2011-11-03 06:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-19 14:50 . 2012-04-19 14:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-16 22:21 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert\prxtbWise.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 136176]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 18:02]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 06:08]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 06:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-06-28 13:53:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-28 23:53

.

Pre-Run: 434,266,714,112 bytes free

Post-Run: 434,286,301,184 bytes free

.

- - End Of File - - 3D472CD158CC9DE043F5370B3FBC7850

I followed all the steps on removing the old version of Java and installing the new one. Worked perfectly and I can see that I have it installed, but when I went to the link to test it it said that I did not have it. ????

Again, my thanks,

Joyce


Joyce,

I suggest you do 1 online check and also re-run Security Check (which you already have).

Turn off your antivirus so that it does not interfere. Leave your firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply.

Re-enable your antivirus.

NEXT:

Re-run Security Check one more time. Copy & Paste the Checkup.txt into a reply also, for review.


Hi Maurice,

When I try to run the F-Secure Online Scanner, I freeze. I go to the main page click on the lower right corner to download on line scanner. A window pops up saying it will download Java. The progress bar fills in a second, the estimated time remaining thing says 0 seconds, then nothing. I waited about 10 minutes but cannot do anything. Cursor moves, but I cannot close the button, or return to the F Secure main page, or go to this tab. I do have my antivirus turned off.

Thanks,

Joyce


Let's do this then --- just one time.

Start Internet Explorer. Press SHIFT+CTRL+Delete keys to bring up IE dialog. Have it delete temporary files. Allow it & confirm to do that.

Then, again, just one time - - we can make sure your Java is current, by the following:

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

When all set, try the F-Secure scan just one time. Be sure you are using Internet Explorer browser!

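A read-only check for the "remove all older versions of Java" step in the post above, as an added example that is not part of the original thread: it lists every Java runtime registered in the Windows Uninstall keys, in both the native and the Wow6432Node view, and marks the ones that are not the expected update. The `$ExpectedPattern` value is an assumption taken from the version named in the post, and the name filter is an assumption about how Java installers label themselves.

```powershell
# Added example (not from the thread): list every Java runtime registered for
# uninstall, in both registry views, and mark which ones match the expected update.
# Assumption: the target version string is the one named in the post.
$ExpectedPattern = '7 Update 5'

# On 64-bit Windows, 32-bit installers register under Wow6432Node, so a 32-bit
# JRE and a 64-bit JRE appear under different keys. Read both.
$views = @(
    @{ View = 'native';      Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' },
    @{ View = 'Wow6432Node'; Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall' }
)

# "(\D|$)" keeps "7 Update 5" from also matching "7 Update 51".
$expectedRegex = [regex]::Escape($ExpectedPattern) + '(\D|$)'

$javaEntries = foreach ($v in $views) {
    # Wow6432Node does not exist on 32-bit Windows; skip it there.
    if (-not (Test-Path $v.Key)) { continue }

    Get-ChildItem -Path $v.Key -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object {
            # Assumed naming: entries start with "Java" or "J2SE" as whole words,
            # which excludes JavaFX; the updater helper is not a runtime.
            $_.DisplayName -match '^(Java|J2SE)\b' -and
            $_.DisplayName -notmatch 'Auto Updater'
        } |
        Select-Object @{ Name = 'View';      Expression = { $v.View } },
                      @{ Name = 'Name';      Expression = { $_.DisplayName } },
                      @{ Name = 'Version';   Expression = { $_.DisplayVersion } },
                      @{ Name = 'Status';    Expression = {
                          if ($_.DisplayName -match $expectedRegex) { 'expected' }
                          else { 'review: not the expected update' }
                      } },
                      @{ Name = 'Uninstall'; Expression = { $_.UninstallString } }
}

if (-not $javaEntries) {
    Write-Output 'No Java runtime is registered under either Uninstall key.'
} else {
    $javaEntries | Sort-Object View, Name | Format-List
    $stale = @($javaEntries | Where-Object { $_.Status -ne 'expected' })
    Write-Output ("{0} Java entries need review." -f $stale.Count)
}
```

The script only reads the registry; removal still goes through Control Panel as the post describes.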

Having much better luck now. The Java install went fine and I verified that I have it. Here is the report from F-Secure, they didn't find anything, will run Secure Check again and post that.

Scanning Report

Friday, June 29, 2012 14:40:45 - 15:03:32

Computer name: JOYCE-PC

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

No malware found

Statistics

Scanned:

  • Files: 133394
  • System: 5735
  • Not scanned: 172

Actions:

  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0

Files not scanned:

  • C:\HIBERFIL.SYS
  • C:\PAGEFILE.SYS
  • C:\WINDOWS\SYSWOW64\LOG.TXT
  • C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTDIAGLOG.ETL
  • C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-APPLICATION.ETL
  • C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SECURITY.ETL
  • C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTEVENTLOG-SYSTEM.ETL
  • C:\WINDOWS\SYSTEM32\LOGFILES\WMI\RTBACKUP\ETWRTUBPM.ETL
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG1
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG2
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG1
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG2
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG1
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG2
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG1
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG2
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG1
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG2
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
  • C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
  • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  • C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT
  • C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG1
  • C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\NTUSER.DAT.LOG2
  • C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT
  • C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG1
  • C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\NTUSER.DAT.LOG2
  • C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE0.DAT
  • C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\LASTALIVE1.DAT
  • C:\USERS\JOYCE\NTUSER.DAT
  • C:\USERS\JOYCE\NTUSER.DAT.LOG1
  • C:\USERS\JOYCE\NTUSER.DAT.LOG2
  • C:\USERS\JOYCE\APPDATA\LOCAL\TOSHIBA\FLASHCARDS\LOG.TXT
  • C:\USERS\JOYCE\APPDATA\LOCAL\TEMP\REG7010.TMP
  • C:\USERS\JOYCE\APPDATA\LOCAL\TEMP\REG72C0.TMP
  • C:\USERS\JOYCE\APPDATA\LOCAL\TEMP\REGA0F0.TMP
  • C:\USERS\JOYCE\APPDATA\LOCAL\TEMP\~DF4DBB17EAB102C398.TMP
  • C:\USERS\JOYCE\APPDATA\LOCAL\TEMP\~DFDBABE5578CD36762.TMP
  • C:\USERS\JOYCE\APPDATA\LOCAL\TEMP\~DF52F75A5A6A284998.TMP
  • C:\USERS\JOYCE\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT
  • C:\USERS\JOYCE\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG1
  • C:\USERS\JOYCE\APPDATA\LOCAL\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG2
  • C:\USERS\JOYCE\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\RECOVERYSTORE.{0F6A829C-C249-11E1-8424-047D7B747F58}.DAT
  • C:\USERS\JOYCE\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\{0F6A829D-C249-11E1-8424-047D7B747F58}.DAT
  • C:\USERS\JOYCE\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE\{53597643-C24A-11E1-8424-047D7B747F58}.DAT
  • C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE
  • C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG1
  • C:\SYSTEM VOLUME INFORMATION\SYSCACHE.HVE.LOG2
  • C:\QOOBOX\BACKENV\APPDATA.FOLDER.DAT
  • C:\QOOBOX\BACKENV\CACHE.FOLDER.DAT
  • C:\QOOBOX\BACKENV\COOKIES.FOLDER.DAT
  • C:\QOOBOX\BACKENV\DESKTOP.FOLDER.DAT
  • C:\QOOBOX\BACKENV\FAVORITES.FOLDER.DAT
  • C:\QOOBOX\BACKENV\HISTORY.FOLDER.DAT
  • C:\QOOBOX\BACKENV\LOCALAPPDATA.FOLDER.DAT
  • C:\QOOBOX\BACKENV\LOCALSETTINGS.FOLDER.DAT
  • C:\QOOBOX\BACKENV\MUSIC.FOLDER.DAT
  • C:\QOOBOX\BACKENV\NETHOOD.FOLDER.DAT
  • C:\QOOBOX\BACKENV\PERSONAL.FOLDER.DAT
  • C:\QOOBOX\BACKENV\PICTURES.FOLDER.DAT
  • C:\QOOBOX\BACKENV\PRINTHOOD.FOLDER.DAT
  • C:\QOOBOX\BACKENV\PROFILES.FOLDER.DAT
  • C:\QOOBOX\BACKENV\PROFILES.FOLDER.FOLDER.DAT
  • C:\QOOBOX\BACKENV\PROGRAMS.FOLDER.DAT
  • C:\QOOBOX\BACKENV\RECENT.FOLDER.DAT
  • C:\QOOBOX\BACKENV\SETPATH.BAT
  • C:\QOOBOX\BACKENV\SENDTO.FOLDER.DAT
  • C:\QOOBOX\BACKENV\STARTMENU.FOLDER.DAT
  • C:\QOOBOX\BACKENV\STARTUP.FOLDER.DAT
  • C:\QOOBOX\BACKENV\SYSPATH.DAT
  • C:\QOOBOX\BACKENV\TEMPLATES.FOLDER.DAT
  • C:\QOOBOX\BACKENV\VIKPEV00
  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG
  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB
  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB

Options

Scanning engines:

Scanning options:

  • Scan all files
  • Use advanced heuristics


Here is the Security Check log:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

JavaFX 2.1.1

Java 7 Update 5

Adobe Reader X (10.1.3)

Mozilla Thunderbird (13.0.1)

Google Chrome 19.0.1084.56

Google Chrome 20.0.1132.47

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6%

````````````````````End of Log``````````````````````


Joyce,

Very, very good.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

Advise me when you have completed the following cleanups.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Joyce\Desktop\ComboFix /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:

aswMBR.exe

GMER.exe

TDSSKILLER.exe

UNHIDE.exe

SecurityCheck.exe

You may go to Control Panel's Programs and Features >> locate F-Secure Online scan & select it, and right-click to uninstall (remove).

Close the applet when done. This will free up the space used by the scan utility.

Safer practices

We are finished here. Best regards.

Edited by Maurice Naggar

Hi Maurice, Glad I was a good student, you are a wonderful instructor!

The removal of Combofix and OTC went perfectly. I don't see F-Secure in my Control Panel - Programs and Features list though.

We have paid for the upgraded Malwarebytes program and will be using it in the future.

Thank you so very much for all your help. Is there a way that I can pay you for your service? We have very limited resources on this island for computer help and you really saved me lots of time, money and aggravation!

Aloha,

Joyce


Aloha, Joyce.

Good going. You'll be well served by MBAM Pro. Congratulations.

My help is free. If you wish, you may consider donating to your favorite charity.

Wish you the best. Stay safe. I am closing this topic.

For casual readers: The specific fixes used here were only for this system, and not to be applied to another system.


This topic is now closed to further replies.