Buzzing and Freezing


6 replies to this topic

#1 H_Rachel


Posted 11 April 2012 - 08:36 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Rachel at 21:29:53 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4061.1990 [GMT -4:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.ca/
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Akamai NetSession Interface] "C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A0FB1452-86E5-4FAD-9E36-B47EC9B9C381} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A0FB1452-86E5-4FAD-9E36-B47EC9B9C381}\35F6E676 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{A0FB1452-86E5-4FAD-9E36-B47EC9B9C381}\378656271647F6E6F5075726C69636 : DhcpNameServer = 10.255.1.1
TCP: Interfaces\{EAEA7736-A2F2-4D0A-AC91-9CCD16D015DC} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: GameBox Toolbar: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: GameBox Toolbar: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Users\Rachel\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Users\Rachel\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-9 14904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 135664]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-6-9 917768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-12 01:17:15 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-04-12 01:04:15 -------- d-----w- C:\Users\Rachel\AppData\Local\{20E461F4-93B3-42AD-A439-9BDD97257B66}
2012-04-11 20:50:22 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 20:50:21 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 20:50:21 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 20:50:20 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 20:50:20 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 20:50:20 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 20:50:20 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 03:37:27 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 03:37:27 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 03:37:26 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-10 22:16:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{91CC7EBF-34DF-42D8-80DC-5CAEDCE4413B}
2012-04-09 23:47:05 -------- d-----w- C:\Users\Rachel\AppData\Local\{45481639-9498-41F9-9B65-7B5F1B4D825B}
2012-04-08 15:21:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{ED6AA359-0312-4F06-8B6B-F2B6A4F617B2}
2012-04-04 16:17:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{636382E6-72C5-41AC-9968-A2C0D023B58D}
2012-04-03 19:59:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{B4ED50EB-37E0-4EA0-9387-7014FE3CB5BB}
2012-04-02 17:42:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{EE3C6B85-DCAB-41AB-B2ED-19929EE6F728}
2012-04-01 02:25:35 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-01 02:25:35 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-01 01:15:54 -------- d-----w- C:\Windows\System32\SPReview
2012-03-30 16:33:34 -------- d-----w- C:\Users\Rachel\AppData\Local\{73D1F533-E531-4369-A0A0-FA955AA7672E}
2012-03-29 02:12:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{231D55C4-7507-4F29-9F2E-018FCE4BE6AC}
2012-03-28 21:59:07 -------- d-----w- C:\Users\Rachel\AppData\Local\{94F5431C-E830-4246-AE7E-B4A9D4A2977A}
2012-03-28 21:58:43 -------- d-----w- C:\Users\Rachel\AppData\Local\{54ED3591-8425-4427-A967-025BB644E9E2}
2012-03-28 19:57:39 -------- d-----w- C:\Users\Rachel\AppData\Local\{D7FA2C11-94F1-4AB4-BE2B-54318DAFE85C}
2012-03-28 19:57:28 -------- d-----w- C:\Users\Rachel\AppData\Local\{57DC73A6-7ACF-4916-A9F7-3FF3AFD755C5}
2012-03-28 19:46:28 -------- d-----w- C:\Users\Rachel\AppData\Local\{871284E1-8296-43B9-AF3D-AD5B9198FBF0}
2012-03-28 19:46:07 -------- d-----w- C:\Users\Rachel\AppData\Local\{C7CAD6A7-71BC-4AE2-9DDF-1A439C6BB067}
2012-03-28 06:27:25 -------- d-----w- C:\Users\Rachel\AppData\Local\{1E1D964E-E0C3-4EB2-9287-80E3B51A2DCE}
2012-03-28 06:27:00 -------- d-----w- C:\Users\Rachel\AppData\Local\{35079411-971C-4500-AA8E-02066C967BC2}
2012-03-27 16:48:45 -------- d-----w- C:\Users\Rachel\AppData\Local\{114A1ABD-E84F-4CC0-9CCD-54D550D3EEC4}
2012-03-27 16:48:33 -------- d-----w- C:\Users\Rachel\AppData\Local\{ED450397-4E44-4339-AF70-0767E8684652}
2012-03-27 01:19:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{1F34A503-F51B-4755-9A09-7EFF8B8B13C7}
2012-03-27 01:18:45 -------- d-----w- C:\Users\Rachel\AppData\Local\{71435709-A3FB-418D-AFCC-3656E7D8AE96}
2012-03-26 21:45:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{A725E359-F822-4CA4-B1D9-3F8E07005D5B}
2012-03-26 21:44:48 -------- d-----w- C:\Users\Rachel\AppData\Local\{779EB06D-3418-4BE5-8D63-46AE077D8CF2}
2012-03-26 16:51:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{87BAC086-9AB9-4B27-81E0-9A08B22C8248}
2012-03-26 16:50:41 -------- d-----w- C:\Users\Rachel\AppData\Local\{F888F695-25AC-42FF-9DD1-7B732CE930E6}
2012-03-26 05:42:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{2E72E264-CC5F-4230-B5BB-EE87C656D9AC}
2012-03-26 05:41:47 -------- d-----w- C:\Users\Rachel\AppData\Local\{237A35CC-B2F1-4256-8893-089B69B1839D}
2012-03-25 18:42:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{A56A0958-7D6F-4063-BAE8-792F72E06A09}
2012-03-25 18:41:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{11766E25-B59E-4CC5-BFAE-53887D05C7BF}
2012-03-25 03:26:51 -------- d-----w- C:\Users\Rachel\AppData\Local\{3CAA9016-FEFD-42F0-9083-8F5526548052}
2012-03-25 03:26:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{0B58F54E-0917-4209-9347-193F58212B05}
2012-03-24 19:25:27 -------- d-----w- C:\Users\Rachel\AppData\Local\{70FA9610-AFF5-4C5A-A3EE-B7218E054EEB}
2012-03-24 19:25:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{E4C47ECA-E14D-45C8-A791-740FDEB2539A}
2012-03-24 01:47:12 -------- d-----w- C:\Users\Rachel\AppData\Local\{5948A5E3-5F42-4FCD-BD0A-FE88C8F2F083}
2012-03-24 01:46:49 -------- d-----w- C:\Users\Rachel\AppData\Local\{4AB8F0A1-B1F5-48E9-AB14-883B2AF6448E}
2012-03-23 20:21:15 -------- d-----w- C:\Users\Rachel\AppData\Local\{75DBC2C6-E808-40A1-B50A-4F8F6556F069}
2012-03-23 20:20:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{A0C6D246-FA7B-4847-858C-4CAECCD85D93}
2012-03-23 04:34:32 -------- d-----w- C:\Users\Rachel\AppData\Local\{DDF6F365-B1F6-477D-B98E-2966089BD018}
2012-03-23 04:34:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{11216E9D-3BD1-41C1-A9DF-E5ABF0CEC1E3}
2012-03-22 17:33:24 -------- d-----w- C:\Users\Rachel\AppData\Local\{87649A2A-955E-49F1-9C95-5A84F2F559AA}
2012-03-22 17:33:13 -------- d-----w- C:\Users\Rachel\AppData\Local\{2BCEF99C-8A43-48CF-9ED6-74003EA9CB3F}
2012-03-22 14:40:40 -------- d-----w- C:\Users\Rachel\AppData\Local\{5DB84010-9D82-419A-9BE2-956077F05E07}
2012-03-22 14:40:18 -------- d-----w- C:\Users\Rachel\AppData\Local\{C132AEE3-57C6-4F85-8DCD-F5F979D8E075}
2012-03-22 06:48:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{4601498B-D0D5-4C2E-B14F-779282CC3635}
2012-03-22 06:47:57 -------- d-----w- C:\Users\Rachel\AppData\Local\{DD3F54E1-CD8A-4025-BC7E-6ECF1590F4F8}
2012-03-21 21:58:59 -------- d-----w- C:\Users\Rachel\AppData\Local\{32CD0521-CCE1-4FC6-A181-A5E5867D683D}
2012-03-21 21:58:27 -------- d-----w- C:\Users\Rachel\AppData\Local\{233983A4-1E50-4D48-9FA0-1E46F925BFCE}
2012-03-21 20:47:01 -------- d-----w- C:\Users\Rachel\AppData\Local\Amazon
2012-03-21 18:29:02 -------- d-----w- C:\Users\Rachel\AppData\Local\{BDC6CDDA-DA44-47B3-8611-E9E2549D5B03}
2012-03-21 18:28:46 -------- d-----w- C:\Users\Rachel\AppData\Local\{59BC7D14-1C97-40C0-9C4F-FD5178871E78}
2012-03-21 03:54:41 -------- d-----w- C:\Users\Rachel\AppData\Local\{3096F201-6FAF-4530-93EE-B2B4B56F731F}
2012-03-20 22:27:25 -------- d-----w- C:\Users\Rachel\AppData\Local\{36646BED-E9CC-4604-870D-4A2609FF72D0}
2012-03-20 22:27:02 -------- d-----w- C:\Users\Rachel\AppData\Local\{020F9750-E6FB-486F-80B2-CDCAB5DBBE01}
2012-03-20 17:26:28 -------- d-----w- C:\Users\Rachel\AppData\Local\{64310BC9-32BB-4FCD-81A7-0A376F809612}
2012-03-20 17:26:09 -------- d-----w- C:\Users\Rachel\AppData\Local\{6BA2EA84-023F-4FE7-B419-E6799C91A569}
2012-03-20 02:43:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{BDF21F3D-B249-45F2-AF4C-6EDDFCE03604}
2012-03-20 02:43:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{42321C99-8211-4343-8FE7-CE713129EFCD}
2012-03-19 14:35:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{553121CF-AE80-4AC2-BCC5-239B1C7E6CD3}
2012-03-19 14:34:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{4478DF64-E83C-4D21-9021-46F773CAB8B9}
2012-03-19 04:41:14 -------- d-----w- C:\Users\Rachel\AppData\Local\{F95F82C6-2E2D-4C4F-9DA5-2433278F9149}
2012-03-19 04:40:51 -------- d-----w- C:\Users\Rachel\AppData\Local\{893EF797-1278-44DE-8755-E2298EE760D8}
2012-03-18 02:25:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{8A5088C7-AF76-470D-B224-DB719BD6C750}
2012-03-18 02:25:32 -------- d-----w- C:\Users\Rachel\AppData\Local\{64F3F2F9-78BF-4886-90F8-F66E31F860F0}
2012-03-17 17:02:58 -------- d-----w- C:\Users\Rachel\AppData\Local\{E9843823-B6A9-4089-98B6-07CCA525E1A2}
2012-03-17 17:02:43 -------- d-----w- C:\Users\Rachel\AppData\Local\{A15F294B-C2C7-47E1-A90C-13E3AC947ACF}
2012-03-17 03:37:09 -------- d-----w- C:\Users\Rachel\AppData\Local\{DD8CAB5A-575D-4B91-ADFC-DE1D76248C9F}
2012-03-17 03:36:47 -------- d-----w- C:\Users\Rachel\AppData\Local\{A479C8ED-0E4A-4A26-B913-5B0C4A7B07C2}
2012-03-17 01:39:37 -------- d-----w- C:\Users\Rachel\AppData\Local\{4665FC65-AC14-4A1D-B801-BD3C2DD06E70}
2012-03-17 01:39:14 -------- d-----w- C:\Users\Rachel\AppData\Local\{CEF8A784-B38A-4F61-9081-FF752D849B95}
2012-03-16 22:01:09 -------- d-----w- C:\Users\Rachel\AppData\Local\{FB71106A-DFB8-47BA-A3AB-663ED8F0E318}
2012-03-16 22:00:47 -------- d-----w- C:\Users\Rachel\AppData\Local\{CDA8054F-5AF8-42C3-8F58-CC80D757165B}
2012-03-16 18:28:51 -------- d-----w- C:\Users\Rachel\AppData\Local\{1D71F01D-D1C5-481C-ACBD-06F50F00FB58}
2012-03-16 18:28:34 -------- d-----w- C:\Users\Rachel\AppData\Local\{A99E34FA-3FEA-4145-906F-BD86AE1F6AB6}
2012-03-14 19:56:38 -------- d-----w- C:\Users\Rachel\AppData\Local\{DD2A9D55-B45A-41EC-B42B-2D6EF0531B74}
2012-03-14 19:56:17 -------- d-----w- C:\Users\Rachel\AppData\Local\{7DD3A907-A68B-433A-AF1E-049BB88405B0}
2012-03-14 17:17:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{1D1E6290-BEC2-4387-B1C7-9D178CA868BA}
2012-03-14 17:16:49 -------- d-----w- C:\Users\Rachel\AppData\Local\{615F20F3-B502-41B0-8042-A9CD686B17BE}
2012-03-14 15:25:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 15:25:25 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 15:25:25 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 15:23:44 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 15:23:43 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 15:23:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 15:23:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:23:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 04:42:49 -------- d-----w- C:\Users\Rachel\AppData\Local\{6F653B7D-72DC-44D4-8821-33DF7EA59B2C}
2012-03-14 04:42:25 -------- d-----w- C:\Users\Rachel\AppData\Local\{130999F1-B147-40DB-B3A8-D1EEAC97F8B3}
2012-03-13 17:01:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{F491F892-C259-4CB2-9D91-891E55BFB586}
2012-03-13 17:01:14 -------- d-----w- C:\Users\Rachel\AppData\Local\{8E2295CD-4901-4F0E-92A4-96202722D854}
.
==================== Find3M ====================
.
2012-04-01 01:36:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-01 01:36:43 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-03 05:38:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 21:31:56.31 ===============









.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/09/2010 4:26:50 PM
System Uptime: 11/04/2012 7:31:53 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K50IJ
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Socket 478 | 1196/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 6.436 GiB free.
D: is FIXED (NTFS) - 204 GiB total, 199.275 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP135: 11/04/2012 4:49:37 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.6 MUI
Akamai NetSession Interface
Akamai NetSession Interface Service
Alcor Micro USB Card Reader
Alice Greenfingers
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Bing Bar
Bing Bar Platform
BioShock
Boingo Wi-Fi
Brother MFL-Pro Suite DCP-7030
Chicken Invaders 2
ControlDeck
CyberLink Power2Go
D3DX10
Dream Day Wedding Married in Manhattan
Free Audio CD Burner version 1.4.7
Game Park Console
GameBox Toolbar
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel AppUp(SM) center
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Magic ISO Maker v5.5 (build 0281)
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
MySQL Connector/ODBC 3.51
Pando Media Booster
Platform
Portal 2
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 4.2
Smileyville FREE
SpeedFan (remove only)
Steam
The Elder Scrolls V: Skyrim
Times Reader
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
WebSlingPlayer ActiveX
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
11/04/2012 1:37:29 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/04/2012 11:34:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 7 for x64-based Systems (KB2653956).
09/04/2012 11:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Rachel-PC\Rachel SID (S-1-5-21-3867312247-1846392422-1896497781-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2012 11:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Rachel-PC\Rachel SID (S-1-5-21-3867312247-1846392422-1896497781-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
07/04/2012 5:51:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
07/04/2012 5:51:58 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

============= FINISH: 21:31:56.31 ===============

Edited by H_Rachel, 11 April 2012 - 08:43 PM.




#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:24 PM

Posted 11 April 2012 - 08:37 PM

I got this log.

#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:24 PM

Posted 11 April 2012 - 08:46 PM

Hello.

Download, Install, and Save Log with HijackThis
  • Download the installer HERE onto your desktop and double click it.
  • You may be asked for confirmation for running an executable file. Select Run.
  • You will be asked to choose the install location. Please leave it at the default:
    C:\Program Files\Trend Micro\HijackThis.
  • Select Install.
  • The installation process should only take a few seconds. A shortcut named HijackThis will be created on your desktop so there will be no need to access the HijackThis program directly. The HijackThis window will pop up after the installation.
  • Click Do a System Scan and Save a Log File.
  • The scan will complete in a moment and the log will pop up.
  • Copy the contents of the log into your next post.


#4 H_Rachel

H_Rachel
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 11 April 2012 - 08:48 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:36 PM, on 11/04/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14931 bytes

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:24 PM

Posted 11 April 2012 - 08:52 PM

Hello.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop. If you are using Windows Vista or 7, right click the shortcut and select Run as Administrator.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:


    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe"


  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.


#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:24 PM

Posted 11 April 2012 - 09:00 PM

Hello.

Please also remove these. Make sure to open HJT with Run as Administrator.

O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

#7 H_Rachel

H_Rachel
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:24 AM

Posted 11 April 2012 - 09:15 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Rachel at 22:10:16 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4061.2606 [GMT -4:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.ca/
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
mWinlogon: Userinit=userinit.exe
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A0FB1452-86E5-4FAD-9E36-B47EC9B9C381} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A0FB1452-86E5-4FAD-9E36-B47EC9B9C381}\35F6E676 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{A0FB1452-86E5-4FAD-9E36-B47EC9B9C381}\378656271647F6E6F5075726C69636 : DhcpNameServer = 10.255.1.1
TCP: Interfaces\{EAEA7736-A2F2-4D0A-AC91-9CCD16D015DC} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Users\Rachel\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Users\Rachel\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-9 14904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 135664]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-6-9 917768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-12 01:48:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-12 01:17:15 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-04-12 01:04:15 -------- d-----w- C:\Users\Rachel\AppData\Local\{20E461F4-93B3-42AD-A439-9BDD97257B66}
2012-04-11 20:50:22 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 20:50:21 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 20:50:21 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 20:50:20 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 20:50:20 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 20:50:20 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 20:50:20 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 03:37:27 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 03:37:27 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 03:37:26 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-10 22:16:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{91CC7EBF-34DF-42D8-80DC-5CAEDCE4413B}
2012-04-09 23:47:05 -------- d-----w- C:\Users\Rachel\AppData\Local\{45481639-9498-41F9-9B65-7B5F1B4D825B}
2012-04-08 15:21:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{ED6AA359-0312-4F06-8B6B-F2B6A4F617B2}
2012-04-04 16:17:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{636382E6-72C5-41AC-9968-A2C0D023B58D}
2012-04-03 19:59:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{B4ED50EB-37E0-4EA0-9387-7014FE3CB5BB}
2012-04-02 17:42:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{EE3C6B85-DCAB-41AB-B2ED-19929EE6F728}
2012-04-01 02:25:35 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-01 02:25:35 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-01 01:15:54 -------- d-----w- C:\Windows\System32\SPReview
2012-03-30 16:33:34 -------- d-----w- C:\Users\Rachel\AppData\Local\{73D1F533-E531-4369-A0A0-FA955AA7672E}
2012-03-29 02:12:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{231D55C4-7507-4F29-9F2E-018FCE4BE6AC}
2012-03-28 21:59:07 -------- d-----w- C:\Users\Rachel\AppData\Local\{94F5431C-E830-4246-AE7E-B4A9D4A2977A}
2012-03-28 21:58:43 -------- d-----w- C:\Users\Rachel\AppData\Local\{54ED3591-8425-4427-A967-025BB644E9E2}
2012-03-28 19:57:39 -------- d-----w- C:\Users\Rachel\AppData\Local\{D7FA2C11-94F1-4AB4-BE2B-54318DAFE85C}
2012-03-28 19:57:28 -------- d-----w- C:\Users\Rachel\AppData\Local\{57DC73A6-7ACF-4916-A9F7-3FF3AFD755C5}
2012-03-28 19:46:28 -------- d-----w- C:\Users\Rachel\AppData\Local\{871284E1-8296-43B9-AF3D-AD5B9198FBF0}
2012-03-28 19:46:07 -------- d-----w- C:\Users\Rachel\AppData\Local\{C7CAD6A7-71BC-4AE2-9DDF-1A439C6BB067}
2012-03-28 06:27:25 -------- d-----w- C:\Users\Rachel\AppData\Local\{1E1D964E-E0C3-4EB2-9287-80E3B51A2DCE}
2012-03-28 06:27:00 -------- d-----w- C:\Users\Rachel\AppData\Local\{35079411-971C-4500-AA8E-02066C967BC2}
2012-03-27 16:48:45 -------- d-----w- C:\Users\Rachel\AppData\Local\{114A1ABD-E84F-4CC0-9CCD-54D550D3EEC4}
2012-03-27 16:48:33 -------- d-----w- C:\Users\Rachel\AppData\Local\{ED450397-4E44-4339-AF70-0767E8684652}
2012-03-27 01:19:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{1F34A503-F51B-4755-9A09-7EFF8B8B13C7}
2012-03-27 01:18:45 -------- d-----w- C:\Users\Rachel\AppData\Local\{71435709-A3FB-418D-AFCC-3656E7D8AE96}
2012-03-26 21:45:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{A725E359-F822-4CA4-B1D9-3F8E07005D5B}
2012-03-26 21:44:48 -------- d-----w- C:\Users\Rachel\AppData\Local\{779EB06D-3418-4BE5-8D63-46AE077D8CF2}
2012-03-26 16:51:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{87BAC086-9AB9-4B27-81E0-9A08B22C8248}
2012-03-26 16:50:41 -------- d-----w- C:\Users\Rachel\AppData\Local\{F888F695-25AC-42FF-9DD1-7B732CE930E6}
2012-03-26 05:42:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{2E72E264-CC5F-4230-B5BB-EE87C656D9AC}
2012-03-26 05:41:47 -------- d-----w- C:\Users\Rachel\AppData\Local\{237A35CC-B2F1-4256-8893-089B69B1839D}
2012-03-25 18:42:10 -------- d-----w- C:\Users\Rachel\AppData\Local\{A56A0958-7D6F-4063-BAE8-792F72E06A09}
2012-03-25 18:41:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{11766E25-B59E-4CC5-BFAE-53887D05C7BF}
2012-03-25 03:26:51 -------- d-----w- C:\Users\Rachel\AppData\Local\{3CAA9016-FEFD-42F0-9083-8F5526548052}
2012-03-25 03:26:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{0B58F54E-0917-4209-9347-193F58212B05}
2012-03-24 19:25:27 -------- d-----w- C:\Users\Rachel\AppData\Local\{70FA9610-AFF5-4C5A-A3EE-B7218E054EEB}
2012-03-24 19:25:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{E4C47ECA-E14D-45C8-A791-740FDEB2539A}
2012-03-24 01:47:12 -------- d-----w- C:\Users\Rachel\AppData\Local\{5948A5E3-5F42-4FCD-BD0A-FE88C8F2F083}
2012-03-24 01:46:49 -------- d-----w- C:\Users\Rachel\AppData\Local\{4AB8F0A1-B1F5-48E9-AB14-883B2AF6448E}
2012-03-23 20:21:15 -------- d-----w- C:\Users\Rachel\AppData\Local\{75DBC2C6-E808-40A1-B50A-4F8F6556F069}
2012-03-23 20:20:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{A0C6D246-FA7B-4847-858C-4CAECCD85D93}
2012-03-23 04:34:32 -------- d-----w- C:\Users\Rachel\AppData\Local\{DDF6F365-B1F6-477D-B98E-2966089BD018}
2012-03-23 04:34:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{11216E9D-3BD1-41C1-A9DF-E5ABF0CEC1E3}
2012-03-22 17:33:24 -------- d-----w- C:\Users\Rachel\AppData\Local\{87649A2A-955E-49F1-9C95-5A84F2F559AA}
2012-03-22 17:33:13 -------- d-----w- C:\Users\Rachel\AppData\Local\{2BCEF99C-8A43-48CF-9ED6-74003EA9CB3F}
2012-03-22 14:40:40 -------- d-----w- C:\Users\Rachel\AppData\Local\{5DB84010-9D82-419A-9BE2-956077F05E07}
2012-03-22 14:40:18 -------- d-----w- C:\Users\Rachel\AppData\Local\{C132AEE3-57C6-4F85-8DCD-F5F979D8E075}
2012-03-22 06:48:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{4601498B-D0D5-4C2E-B14F-779282CC3635}
2012-03-22 06:47:57 -------- d-----w- C:\Users\Rachel\AppData\Local\{DD3F54E1-CD8A-4025-BC7E-6ECF1590F4F8}
2012-03-21 21:58:59 -------- d-----w- C:\Users\Rachel\AppData\Local\{32CD0521-CCE1-4FC6-A181-A5E5867D683D}
2012-03-21 21:58:27 -------- d-----w- C:\Users\Rachel\AppData\Local\{233983A4-1E50-4D48-9FA0-1E46F925BFCE}
2012-03-21 20:47:01 -------- d-----w- C:\Users\Rachel\AppData\Local\Amazon
2012-03-21 18:29:02 -------- d-----w- C:\Users\Rachel\AppData\Local\{BDC6CDDA-DA44-47B3-8611-E9E2549D5B03}
2012-03-21 18:28:46 -------- d-----w- C:\Users\Rachel\AppData\Local\{59BC7D14-1C97-40C0-9C4F-FD5178871E78}
2012-03-21 03:54:41 -------- d-----w- C:\Users\Rachel\AppData\Local\{3096F201-6FAF-4530-93EE-B2B4B56F731F}
2012-03-20 22:27:25 -------- d-----w- C:\Users\Rachel\AppData\Local\{36646BED-E9CC-4604-870D-4A2609FF72D0}
2012-03-20 22:27:02 -------- d-----w- C:\Users\Rachel\AppData\Local\{020F9750-E6FB-486F-80B2-CDCAB5DBBE01}
2012-03-20 17:26:28 -------- d-----w- C:\Users\Rachel\AppData\Local\{64310BC9-32BB-4FCD-81A7-0A376F809612}
2012-03-20 17:26:09 -------- d-----w- C:\Users\Rachel\AppData\Local\{6BA2EA84-023F-4FE7-B419-E6799C91A569}
2012-03-20 02:43:50 -------- d-----w- C:\Users\Rachel\AppData\Local\{BDF21F3D-B249-45F2-AF4C-6EDDFCE03604}
2012-03-20 02:43:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{42321C99-8211-4343-8FE7-CE713129EFCD}
2012-03-19 14:35:16 -------- d-----w- C:\Users\Rachel\AppData\Local\{553121CF-AE80-4AC2-BCC5-239B1C7E6CD3}
2012-03-19 14:34:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{4478DF64-E83C-4D21-9021-46F773CAB8B9}
2012-03-19 04:41:14 -------- d-----w- C:\Users\Rachel\AppData\Local\{F95F82C6-2E2D-4C4F-9DA5-2433278F9149}
2012-03-19 04:40:51 -------- d-----w- C:\Users\Rachel\AppData\Local\{893EF797-1278-44DE-8755-E2298EE760D8}
2012-03-18 02:25:54 -------- d-----w- C:\Users\Rachel\AppData\Local\{8A5088C7-AF76-470D-B224-DB719BD6C750}
2012-03-18 02:25:32 -------- d-----w- C:\Users\Rachel\AppData\Local\{64F3F2F9-78BF-4886-90F8-F66E31F860F0}
2012-03-17 17:02:58 -------- d-----w- C:\Users\Rachel\AppData\Local\{E9843823-B6A9-4089-98B6-07CCA525E1A2}
2012-03-17 17:02:43 -------- d-----w- C:\Users\Rachel\AppData\Local\{A15F294B-C2C7-47E1-A90C-13E3AC947ACF}
2012-03-17 03:37:09 -------- d-----w- C:\Users\Rachel\AppData\Local\{DD8CAB5A-575D-4B91-ADFC-DE1D76248C9F}
2012-03-17 03:36:47 -------- d-----w- C:\Users\Rachel\AppData\Local\{A479C8ED-0E4A-4A26-B913-5B0C4A7B07C2}
2012-03-17 01:39:37 -------- d-----w- C:\Users\Rachel\AppData\Local\{4665FC65-AC14-4A1D-B801-BD3C2DD06E70}
2012-03-17 01:39:14 -------- d-----w- C:\Users\Rachel\AppData\Local\{CEF8A784-B38A-4F61-9081-FF752D849B95}
2012-03-16 22:01:09 -------- d-----w- C:\Users\Rachel\AppData\Local\{FB71106A-DFB8-47BA-A3AB-663ED8F0E318}
2012-03-16 22:00:47 -------- d-----w- C:\Users\Rachel\AppData\Local\{CDA8054F-5AF8-42C3-8F58-CC80D757165B}
2012-03-16 18:28:51 -------- d-----w- C:\Users\Rachel\AppData\Local\{1D71F01D-D1C5-481C-ACBD-06F50F00FB58}
2012-03-16 18:28:34 -------- d-----w- C:\Users\Rachel\AppData\Local\{A99E34FA-3FEA-4145-906F-BD86AE1F6AB6}
2012-03-14 19:56:38 -------- d-----w- C:\Users\Rachel\AppData\Local\{DD2A9D55-B45A-41EC-B42B-2D6EF0531B74}
2012-03-14 19:56:17 -------- d-----w- C:\Users\Rachel\AppData\Local\{7DD3A907-A68B-433A-AF1E-049BB88405B0}
2012-03-14 17:17:03 -------- d-----w- C:\Users\Rachel\AppData\Local\{1D1E6290-BEC2-4387-B1C7-9D178CA868BA}
2012-03-14 17:16:49 -------- d-----w- C:\Users\Rachel\AppData\Local\{615F20F3-B502-41B0-8042-A9CD686B17BE}
2012-03-14 15:25:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 15:25:25 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 15:25:25 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 15:23:44 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 15:23:43 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 15:23:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 15:23:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:23:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 04:42:49 -------- d-----w- C:\Users\Rachel\AppData\Local\{6F653B7D-72DC-44D4-8821-33DF7EA59B2C}
2012-03-14 04:42:25 -------- d-----w- C:\Users\Rachel\AppData\Local\{130999F1-B147-40DB-B3A8-D1EEAC97F8B3}
2012-03-13 17:01:36 -------- d-----w- C:\Users\Rachel\AppData\Local\{F491F892-C259-4CB2-9D91-891E55BFB586}
2012-03-13 17:01:14 -------- d-----w- C:\Users\Rachel\AppData\Local\{8E2295CD-4901-4F0E-92A4-96202722D854}
.
==================== Find3M ====================
.
2012-04-01 01:36:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-01 01:36:43 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-03 05:38:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 22:13:31.13 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/09/2010 4:26:50 PM
System Uptime: 11/04/2012 10:05:12 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K50IJ
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Socket 478 | 1196/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 6.336 GiB free.
D: is FIXED (NTFS) - 204 GiB total, 199.275 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP135: 11/04/2012 4:49:37 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.6 MUI
Akamai NetSession Interface
Akamai NetSession Interface Service
Alcor Micro USB Card Reader
Alice Greenfingers
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Bing Bar
Bing Bar Platform
BioShock
Boingo Wi-Fi
Brother MFL-Pro Suite DCP-7030
Chicken Invaders 2
ControlDeck
CyberLink Power2Go
D3DX10
Dream Day Wedding Married in Manhattan
Free Audio CD Burner version 1.4.7
Game Park Console
GameBox Toolbar
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Intel AppUp(SM) center
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Magic ISO Maker v5.5 (build 0281)
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
MySQL Connector/ODBC 3.51
Pando Media Booster
Platform
Portal 2
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 4.2
Smileyville FREE
SpeedFan (remove only)
Steam
The Elder Scrolls V: Skyrim
Times Reader
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
WebSlingPlayer ActiveX
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
11/04/2012 1:37:29 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/04/2012 11:34:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 7 for x64-based Systems (KB2653956).
09/04/2012 11:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Rachel-PC\Rachel SID (S-1-5-21-3867312247-1846392422-1896497781-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2012 11:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Rachel-PC\Rachel SID (S-1-5-21-3867312247-1846392422-1896497781-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
07/04/2012 5:51:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
07/04/2012 5:51:58 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



