
I am infected with wanghizsong


  • This topic is locked
33 replies to this topic

#1 jenwemp

jenwemp

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:01 PM

Posted 24 February 2014 - 08:45 PM

I currently have a user account showing up as: wanghizsong

My AVG and Windows Defender did not detect this virus.

Some of the atypical behavior I was seeing on my laptop is that I get errors that I don't have permission to copy, modify, delete many of my files. I also was not able to access either of my printers because there were error messages saying I didn't have permissions. I did a complete backup and system restore to my PC. Printing, files, etc. worked fine. When I did a restore from the backup, I began to see permission errors again.

I was actually on a help chat with Intuit Customer Service because I was getting the error message that I didn't have permission to access my file. The Customer Service rep was actually the one that helped me realize about the unidentified User Account.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6001.18527
Run by jenwemp at 17:32:59 on 2014-02-24
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2939.839 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.5.0.134\InstStub.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Toshiba Registration\Registration.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\16.5.0.134\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\16.5.0.134\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\partner\partner.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.5.0.134\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [1544741396] c:\program files\toshiba registration\registration.exe /r "c:\program files\toshiba registration\Registration.rpd"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [TANU] c:\program files\toshiba\tanu\TANU.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{87868441-36E2-4E4F-9EF9-2A8F6F6D8CA5} : DHCPNameServer = 192.168.43.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.134\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2014-2-17 25896]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2014-2-17 20544]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-1-10 1435680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.134\ccSvcHst.exe [2014-2-17 115560]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2014-2-17 22272]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2014-2-17 346112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2014-2-17 110576]
.
=============== Created Last 30 ================
.
2014-02-24 23:21:27 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42a16096-a2bd-4bdc-97db-a06979b592b4}\offreg.dll
2014-02-24 23:17:20 -------- d-----w- c:\users\jenwemp\appdata\roaming\AVG2014
2014-02-24 23:16:14 -------- d-----w- c:\users\jenwemp\appdata\roaming\TuneUp Software
2014-02-24 23:14:46 -------- d-----w- c:\programdata\AVG2014
2014-02-24 23:08:39 -------- d--h--w- c:\programdata\Common Files
2014-02-24 23:08:39 -------- d-----w- c:\users\jenwemp\appdata\local\MFAData
2014-02-24 23:08:39 -------- d-----w- c:\users\jenwemp\appdata\local\Avg2014
2014-02-24 23:08:39 -------- d-----w- c:\programdata\MFAData
2014-02-24 22:19:36 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42a16096-a2bd-4bdc-97db-a06979b592b4}\mpengine.dll
2014-02-24 22:06:04 -------- d-----w- c:\users\jenwemp\appdata\local\Intuit
2014-02-24 22:04:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 22:04:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-24 21:49:34 -------- d-----w- c:\programdata\FitbitConnect
2014-02-24 21:47:04 -------- d-----w- c:\users\jenwemp\appdata\local\QuickenWindow
2014-02-19 05:55:40 -------- d-----w- c:\program files\TurboTax
2014-02-19 05:46:57 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2014-02-19 05:46:49 4200744 ----a-w- c:\windows\system32\cdintf400.dll
2014-02-19 05:45:54 -------- d-----w- c:\program files\common files\Intuit
2014-02-19 05:45:46 -------- d-----w- c:\users\jenwemp\appdata\roaming\Intuit
2014-02-19 05:45:46 -------- d-----w- c:\program files\Quicken
2014-02-19 05:42:54 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-02-19 05:42:54 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-02-19 05:42:54 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-02-19 05:42:54 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-02-19 05:42:54 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-02-19 05:42:04 -------- d-----w- c:\programdata\Intuit
2014-02-19 05:33:31 -------- d-----w- c:\users\jenwemp\appdata\local\Protexis
2014-02-19 05:33:31 -------- d-----w- c:\programdata\Protexis
2014-02-19 05:19:50 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP83.DLL
2014-02-19 05:19:50 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD83.DLL
2014-02-19 05:18:11 198656 ----a-w- c:\windows\system32\CNMLM83.DLL
2014-02-19 05:16:51 17920 ----a-w- c:\windows\system32\netevent.dll
2014-02-19 05:16:51 125952 ----a-w- c:\windows\system32\srvsvc.dll
2014-02-19 05:16:39 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-02-19 05:02:14 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2014-02-18 00:04:37 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-02-18 00:04:31 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-02-17 23:35:31 97800 ----a-w- c:\windows\system32\infocardapi.dll
2014-02-17 23:35:31 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-17 23:35:30 622080 ----a-w- c:\windows\system32\icardagt.exe
2014-02-17 23:35:30 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2014-02-17 23:35:30 11264 ----a-w- c:\windows\system32\icardres.dll
2014-02-17 23:35:29 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2014-02-17 23:30:23 158720 ----a-w- c:\windows\system32\mscorier.dll
2014-02-17 23:30:20 83968 ----a-w- c:\windows\system32\mscories.dll
2014-02-17 23:28:11 24064 ----a-w- c:\windows\system32\nshhttp.dll
2014-02-17 23:28:09 411136 ----a-w- c:\windows\system32\drivers\http.sys
2014-02-17 23:28:09 31232 ----a-w- c:\windows\system32\httpapi.dll
2014-02-17 23:27:37 231936 ----a-w- c:\windows\system32\msshsq.dll
2014-02-17 23:23:21 429056 ----a-w- c:\windows\system32\EncDec.dll
2014-02-17 23:23:08 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-17 23:21:31 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2014-02-17 23:21:31 19968 ----a-w- c:\windows\system32\ARP.EXE
2014-02-17 23:21:31 104960 ----a-w- c:\windows\system32\netiohlp.dll
2014-02-17 23:21:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2014-02-17 23:21:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2014-02-17 23:21:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2014-02-17 23:21:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2014-02-17 23:21:30 10240 ----a-w- c:\windows\system32\finger.exe
2014-02-17 23:20:53 213504 ----a-w- c:\windows\system32\msv1_0.dll
2014-02-17 23:20:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2014-02-17 23:20:36 4096 ----a-w- c:\windows\system32\msdxm.ocx
2014-02-17 23:20:36 4096 ----a-w- c:\windows\system32\dxmasf.dll
2014-02-17 23:20:36 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-02-17 23:20:36 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2014-02-17 23:20:36 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2014-02-17 23:20:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-17 23:18:53 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2014-02-17 23:17:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-02-17 23:14:30 91136 ----a-w- c:\windows\system32\avifil32.dll
2014-02-17 23:14:30 82944 ----a-w- c:\windows\system32\mciavi32.dll
2014-02-17 23:14:30 65024 ----a-w- c:\windows\system32\avicap32.dll
2014-02-17 23:14:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2014-02-17 23:14:30 31744 ----a-w- c:\windows\system32\msvidc32.dll
2014-02-17 23:14:30 22528 ----a-w- c:\windows\system32\msyuv.dll
2014-02-17 23:14:30 13312 ----a-w- c:\windows\system32\msrle32.dll
2014-02-17 23:14:30 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2014-02-17 23:14:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2014-02-17 23:14:27 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2014-02-17 23:14:25 276992 ----a-w- c:\windows\system32\schannel.dll
2014-02-17 23:04:11 -------- d-----w- c:\users\jenwemp\appdata\local\Deployment
2014-02-17 23:04:11 -------- d-----w- c:\users\jenwemp\appdata\local\Apps
2014-02-17 21:53:31 -------- d-----w- c:\users\jenwemp\appdata\local\Google
2014-02-17 21:53:29 -------- d-----w- c:\users\jenwemp\appdata\local\Toshiba
2014-02-17 21:52:44 -------- d-----w- c:\users\jenwemp\appdata\local\VirtualStore
2014-02-17 21:52:20 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2014-02-17 19:40:09 -------- d-----w- c:\programdata\Partner
2014-02-17 19:36:12 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2014-02-17 19:35:11 -------- d-----w- c:\program files\common files\Toshiba Shared
2014-02-17 19:34:54 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2014-02-17 19:34:51 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-02-17 19:31:10 22272 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2014-02-17 19:28:56 364544 ----a-w- c:\windows\system32\RtlLib.dll
2014-02-17 19:28:56 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2014-02-17 19:28:56 155648 ----a-w- c:\windows\system32\IpLib.dll
2014-02-17 19:28:56 131072 ----a-w- c:\windows\system32\EnumDevLib.dll
2014-02-17 19:28:56 1069056 ----a-w- c:\windows\system32\libeay32.dll
2014-02-17 19:27:48 238912 ----a-w- c:\windows\system32\tosmreg.exe
2014-02-17 19:27:47 -------- d-----w- c:\program files\ltmoh
2014-02-17 19:27:32 -------- d-----w- c:\windows\Options
2014-02-17 19:26:10 346112 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
2014-02-17 19:26:10 -------- d-----w- c:\program files\Realtek WLAN Driver
2014-02-17 19:24:36 -------- d-----w- c:\program files\Synaptics
2014-02-17 19:23:33 -------- d-----w- c:\windows\system32\sda
2014-02-17 19:23:32 6815264 ----a-w- c:\windows\system\DriveIcon.dll
2014-02-17 19:23:32 63488 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2014-02-17 19:19:30 24576 ----a-w- c:\windows\system32\TSCI.dll
2014-02-17 19:19:30 24576 ----a-w- c:\windows\system32\THCI.dll
2014-02-17 19:15:11 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys
2014-02-17 19:13:06 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-02-17 19:13:06 163840 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2014-02-17 19:13:06 -------- d-----w- c:\program files\Realtek
2014-02-17 19:10:59 920088 ----a-w- c:\windows\system32\igxpun.exe
2014-02-17 19:10:59 319456 ----a-w- c:\windows\system32\difxapi.dll
2014-02-17 19:10:59 -------- d-----w- c:\windows\system32\Lang
2014-02-17 19:07:32 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2014-02-17 19:00:07 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-02-17 19:00:07 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-02-17 18:59:36 -------- d-----w- c:\windows\PCHEALTH
2014-02-11 21:36:47 -------- dc----w- c:\users\jenwemp\appdata\local\Western Digital
2014-02-11 21:35:59 -------- dc----w- c:\users\jenwemp\appdata\local\Western_Digital_Technolog
2014-02-11 21:31:34 -------- dc----w- c:\program files\Western Digital
2014-02-06 00:16:32 -------- dc----w- c:\users\jenwemp\appdata\local\MigWiz
.
==================== Find3M  ====================
.
2014-02-17 19:39:42 89776 ----a-w- c:\windows\system32\drivers\nis\1005000.086\symfw.sys
2014-02-17 19:39:42 482352 ----a-w- c:\windows\system32\drivers\nis\1005000.086\cchpx86.sys
2014-02-17 19:39:42 43696 ----a-w- c:\windows\system32\drivers\nis\1005000.086\srtspx.sys
2014-02-17 19:39:42 39984 ----a-w- c:\windows\system32\drivers\nis\1005000.086\symndisv.sys
2014-02-17 19:39:42 37296 ----a-w- c:\windows\system32\drivers\nis\1005000.086\symndis.sys
2014-02-17 19:39:42 34736 ----a-w- c:\windows\system32\drivers\nis\1005000.086\symids.sys
2014-02-17 19:39:42 310320 ----a-w- c:\windows\system32\drivers\nis\1005000.086\SymEFA.sys
2014-02-17 19:39:42 307760 ----a-w- c:\windows\system32\drivers\nis\1005000.086\srtsp.sys
2014-02-17 19:39:42 258608 ----a-w- c:\windows\system32\drivers\nis\1005000.086\BHDrvx86.sys
2014-02-17 19:39:42 217392 ----a-w- c:\windows\system32\drivers\nis\1005000.086\symtdi.sys
2014-02-17 19:14:10 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-01-20 05:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
============= FINISH: 17:33:53.46 ===============
 
 
 



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:01 PM

Posted 25 February 2014 - 09:48 AM

Greetings jenwemp and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 jenwemp


Posted 25 February 2014 - 03:40 PM

Gary,

Thank you for being so responsive! I got your email (on my phone) this a.m., but wasn't able to access my PC until now. I want to clarify one thing. I needed to print off something from my PC last night. I had Adobe 9.1 and every time I attempted to access the .pdf I got an error message. A dialogue box kept appearing to check online for a solution. I did, and it prompted me to update my version of Adobe to 10.1.4, which I did. It also installed McAfee, which I wasn't able to avoid. I just want to be upfront, b/c the state of my laptop is now different than when I posted to the forum. I will not make any additional changes from here on out (last night I needed to make a deadline, but don't foresee anything popping up in the next few days). Is it okay to proceed with the instructions laid out in your reply to me?

 

Cheers,
Jen



#4 Oh My!


Posted 25 February 2014 - 04:00 PM

Hi Jen,

Thanks for the update. Absolutely, please go ahead and run the program, we will just have a bit more (McAfee) to review! :) If it is essential for you to do things on your computer we can work around that. Just do what you have to and let me know what was done.

Look forward to attacking this.......
Gary
 

#5 jenwemp


Posted 25 February 2014 - 04:10 PM

  • FRST results
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by jenwemp (administrator) on JENWEMP-PC on 25-02-2014 13:02:38
Running from C:\Users\jenwemp\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Symantec Corporation) C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.5.0.134\InstStub.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TANU\TANU.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(DataLode, Inc.) C:\Program Files\Toshiba Registration\Registration.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6965792 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448376 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [NDSTray.exe] - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [304496 2009-03-17] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] - C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1318912 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TANU] - C:\Program Files\TOSHIBA\TANU\TANU.exe [263560 2009-03-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1007616 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-05-03] (Google)
HKLM\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-293595244-3248633467-398394321-1000\...\Run: [1544741396] - C:\Program Files\Toshiba Registration\Registration.exe [87536 2008-10-21] (DataLode, Inc.)
HKU\S-1-5-21-293595244-3248633467-398394321-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-17] (Google Inc.)
HKU\S-1-5-21-293595244-3248633467-398394321-1000\...\Run: [Fitbit Connect] - C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [119296 2009-05-03] (Google)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Docs) - C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Google Search) - C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
 
========================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
S3 GoogleDesktopManager-092308-165331; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-05-03] (Google)
R2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [115560 2014-02-17] (Symantec Corporation)
S3 Partner Service; C:\ProgramData\Partner\partner.exe [110576 2014-02-17] (Google Inc.)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [57344 2009-02-19] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-14] (TOSHIBA Corporation)
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090226.034\NAVENG.SYS [89104 2014-02-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090226.034\NAVEX15.SYS [876144 2014-02-17] (Symantec Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [346112 2009-01-13] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\system32\drivers\NIS\1005000.086\SRTSP.SYS [307760 2014-02-17] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1005000.086\SRTSPX.SYS [43696 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-25 13:02 - 2014-02-25 13:02 - 00016155 _____ () C:\Users\jenwemp\Downloads\FRST.txt
2014-02-25 13:01 - 2014-02-25 13:02 - 00000000 ____D () C:\FRST
2014-02-25 13:01 - 2014-02-25 13:01 - 01144320 _____ (Farbar) C:\Users\jenwemp\Downloads\FRST.exe
2014-02-24 19:58 - 2014-02-24 19:58 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-24 19:57 - 2014-02-24 19:57 - 00001863 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-02-24 19:56 - 2014-02-24 19:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-24 18:59 - 2014-02-25 12:28 - 00005076 _____ () C:\Windows\PFRO.log
2014-02-24 17:34 - 2014-02-24 17:36 - 00022927 _____ () C:\Users\jenwemp\Desktop\dds.txt
2014-02-24 17:34 - 2014-02-24 17:36 - 00004789 _____ () C:\Users\jenwemp\Desktop\attach.txt
2014-02-24 17:32 - 2014-02-24 17:32 - 00688992 ____R (Swearware) C:\Users\jenwemp\Downloads\dds.com
2014-02-24 15:35 - 2014-02-24 15:35 - 04721920 _____ (Piriform Ltd) C:\Users\jenwemp\Downloads\ccsetup410 (1).exe
2014-02-24 15:35 - 2014-02-24 15:35 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-24 15:34 - 2014-02-24 15:34 - 04721920 _____ (Piriform Ltd) C:\Users\jenwemp\Downloads\ccsetup410.exe
2014-02-24 15:17 - 2014-02-24 15:17 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\AVG2014
2014-02-24 15:16 - 2014-02-24 15:16 - 00000853 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-24 15:16 - 2014-02-24 15:16 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\TuneUp Software
2014-02-24 15:14 - 2014-02-24 15:16 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 15:08 - 2014-02-25 12:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-24 15:08 - 2014-02-24 15:22 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Avg2014
2014-02-24 15:08 - 2014-02-24 15:08 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\MFAData
2014-02-24 15:07 - 2014-02-24 15:08 - 04462384 _____ (AVG Technologies) C:\Users\jenwemp\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-24 15:07 - 2014-02-24 15:07 - 05056656 _____ (Systweak Inc ) C:\Users\jenwemp\Downloads\rcp_dcomnew_sec_728 (1).exe
2014-02-24 15:05 - 2014-02-24 15:05 - 05056656 _____ (Systweak Inc ) C:\Users\jenwemp\Downloads\rcp_dcomnew_sec_728.exe
2014-02-24 14:58 - 2014-02-24 16:42 - 00052736 _____ () C:\Users\jenwemp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 14:06 - 2014-02-24 14:06 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Intuit
2014-02-24 14:04 - 2014-02-24 14:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-24 14:04 - 2014-02-24 14:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 13:49 - 2014-02-24 13:50 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-02-24 13:47 - 2014-02-24 13:48 - 06318888 _____ (Fitbit Inc.) C:\Users\jenwemp\Downloads\FitbitConnect_Win_2014110_1.0.1.5127.exe
2014-02-24 13:47 - 2014-02-24 13:47 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\QuickenWindow
2014-02-20 16:08 - 2014-02-20 16:08 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-18 22:13 - 2014-02-18 22:13 - 00000000 ____D () C:\Users\jenwemp\Documents\TurboTax
2014-02-18 22:12 - 2014-02-18 22:12 - 00000157 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-18 22:10 - 2014-02-18 22:10 - 00001898 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-18 21:55 - 2014-02-20 15:48 - 00000000 ____D () C:\Program Files\TurboTax
2014-02-18 21:52 - 2014-02-18 21:54 - 00000000 ____D () C:\Users\jenwemp\Downloads\TurboTax Home Business Fed Efile State 2013
2014-02-18 21:46 - 2014-02-18 21:46 - 00001614 _____ () C:\Users\Public\Desktop\Quicken Home & Business 2014.lnk
2014-02-18 21:46 - 2014-02-18 21:46 - 00000329 _____ () C:\Users\Public\Desktop\View Credit Score.url
2014-02-18 21:46 - 2014-02-18 21:46 - 00000000 ____D () C:\Program Files\Common Files\AnswerWorks 5.0
2014-02-18 21:46 - 2013-09-23 21:23 - 04200744 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\system32\cdintf400.dll
2014-02-18 21:45 - 2014-02-18 22:12 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\Intuit
2014-02-18 21:45 - 2014-02-18 22:10 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-02-18 21:45 - 2014-02-18 21:46 - 00000120 _____ () C:\Windows\QUICKEN.INI
2014-02-18 21:42 - 2014-02-18 22:10 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-18 21:42 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-02-18 21:42 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-02-18 21:42 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-02-18 21:42 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-02-18 21:42 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-02-18 21:33 - 2014-02-18 21:50 - 00000000 ____D () C:\ProgramData\Protexis
2014-02-18 21:33 - 2014-02-18 21:40 - 00000000 ____D () C:\Users\jenwemp\Downloads\Quicken 2014 Home and Business
2014-02-18 21:33 - 2014-02-18 21:33 - 01547048 _____ (arvato digital services llc) C:\Users\jenwemp\Downloads\Download_TurboTax_Home_Business_Fed_Efile_State_2013.exe
2014-02-18 21:33 - 2014-02-18 21:33 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Protexis
2014-02-18 21:32 - 2014-02-18 21:33 - 01549272 _____ (arvato digital services llc) C:\Users\jenwemp\Downloads\Download_Quicken_2014_Home_and_Business.exe
2014-02-18 21:19 - 2014-02-18 21:19 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-02-18 21:18 - 2008-04-02 20:00 - 00198656 _____ (CANON INC.) C:\Windows\system32\CNMLM83.DLL
2014-02-18 21:16 - 2010-09-06 08:24 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-02-18 21:16 - 2010-09-06 08:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-02-18 21:16 - 2009-08-24 04:16 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-02-17 16:04 - 2013-12-18 06:13 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-02-17 15:35 - 2008-06-19 17:14 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-02-17 15:35 - 2008-06-19 17:14 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-02-17 15:35 - 2008-06-19 17:14 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-17 15:35 - 2008-06-19 17:14 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-02-17 15:35 - 2008-06-19 17:14 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2014-02-17 15:35 - 2008-06-19 17:14 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-02-17 15:30 - 2008-07-27 10:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-02-17 15:30 - 2008-07-27 10:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-02-17 15:28 - 2010-02-20 15:39 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2014-02-17 15:28 - 2010-02-20 15:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-02-17 15:28 - 2010-02-20 13:18 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-02-17 15:27 - 2010-09-20 01:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2014-02-17 15:23 - 2010-12-29 09:41 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-02-17 15:23 - 2010-10-28 04:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-17 15:21 - 2009-08-14 08:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-02-17 15:21 - 2009-08-14 06:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2014-02-17 15:21 - 2009-08-14 06:16 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2014-02-17 15:21 - 2009-08-14 06:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2014-02-17 15:21 - 2009-08-14 06:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2014-02-17 15:21 - 2009-08-14 06:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2014-02-17 15:21 - 2009-08-14 06:16 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2014-02-17 15:21 - 2009-08-14 06:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2014-02-17 15:20 - 2010-09-13 08:05 - 10627584 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-17 15:20 - 2010-09-13 08:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-02-17 15:20 - 2010-09-13 08:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-02-17 15:20 - 2010-09-13 08:03 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-02-17 15:20 - 2010-09-13 06:46 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-17 15:20 - 2009-09-10 09:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-02-17 15:20 - 2009-07-10 04:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2014-02-17 15:19 - 2011-01-21 07:46 - 11582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-17 15:19 - 2011-01-21 07:46 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-02-17 15:19 - 2011-01-04 17:07 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-02-17 15:19 - 2011-01-04 17:07 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-02-17 15:19 - 2011-01-04 17:06 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-02-17 15:19 - 2010-12-17 08:43 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-17 15:19 - 2010-12-17 07:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-17 15:19 - 2010-11-06 03:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-02-17 15:19 - 2010-11-06 03:10 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-02-17 15:19 - 2010-11-06 03:10 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-02-17 15:19 - 2010-11-06 03:09 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-02-17 15:19 - 2010-11-04 16:53 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-02-17 15:19 - 2010-10-15 06:08 - 03600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-17 15:19 - 2010-10-15 06:08 - 03548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-17 15:19 - 2010-10-15 05:48 - 01205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-17 15:19 - 2010-09-08 09:26 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 15:19 - 2010-09-08 09:26 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 15:19 - 2010-09-08 09:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-17 15:19 - 2010-09-08 09:24 - 03587584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 15:19 - 2010-09-08 09:24 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-17 15:19 - 2010-09-08 09:24 - 00476672 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-17 15:19 - 2010-09-08 09:24 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 06078464 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2014-02-17 15:19 - 2010-09-08 09:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 15:19 - 2010-09-08 07:53 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-17 15:19 - 2010-09-08 07:28 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 15:19 - 2010-08-31 07:41 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2014-02-17 15:19 - 2010-08-31 07:41 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2014-02-17 15:19 - 2010-08-20 07:21 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-02-17 15:19 - 2010-05-27 11:16 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2014-02-17 15:19 - 2010-05-04 08:53 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 15:19 - 2010-04-05 08:08 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-17 15:19 - 2010-02-25 20:03 - 02452872 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-17 15:19 - 2010-02-18 06:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-17 15:19 - 2010-02-18 03:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-02-17 15:19 - 2009-06-15 10:20 - 00439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-02-17 15:19 - 2009-06-15 07:24 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-02-17 15:19 - 2009-06-15 07:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-02-17 15:19 - 2009-06-15 07:23 - 01256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-02-17 15:19 - 2009-06-15 07:21 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-02-17 15:19 - 2009-06-15 04:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-02-17 15:19 - 2009-06-10 04:12 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2014-02-17 15:19 - 2009-06-10 04:11 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-02-17 15:19 - 2009-06-10 03:59 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-02-17 15:19 - 2009-06-10 03:56 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-02-17 15:19 - 2009-06-10 02:10 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-02-17 15:19 - 2009-06-10 02:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-02-17 15:19 - 2009-06-10 02:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-02-17 15:19 - 2009-03-16 19:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2014-02-17 15:19 - 2009-03-16 19:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2014-02-17 15:19 - 2009-03-02 20:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-02-17 15:19 - 2009-03-02 20:39 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2014-02-17 15:19 - 2009-03-02 20:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-02-17 15:19 - 2009-03-02 20:37 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2014-02-17 15:19 - 2009-03-02 20:37 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2014-02-17 15:19 - 2009-03-02 20:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2014-02-17 15:19 - 2009-03-02 19:04 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-02-17 15:19 - 2009-03-02 18:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2014-02-17 15:19 - 2009-02-13 00:49 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-02-17 15:18 - 2011-07-06 06:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-02-17 15:18 - 2011-06-02 04:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-17 15:18 - 2011-04-29 04:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-02-17 15:18 - 2011-04-29 04:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-02-17 15:18 - 2011-04-29 04:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-02-17 15:18 - 2011-04-29 04:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-02-17 15:18 - 2011-03-10 08:12 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-02-17 15:18 - 2011-03-10 08:12 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-02-17 15:18 - 2011-03-02 06:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-02-17 15:18 - 2011-03-02 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-02-17 15:18 - 2011-02-22 04:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-02-17 15:18 - 2011-02-18 05:31 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-02-17 15:18 - 2011-02-16 07:29 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-17 15:18 - 2011-02-16 05:24 - 00292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-17 15:18 - 2010-12-28 06:57 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-02-17 15:18 - 2010-12-20 07:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-02-17 15:18 - 2010-06-28 08:15 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-02-17 15:18 - 2010-06-16 07:59 - 00898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-17 15:18 - 2010-06-16 07:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-02-17 15:18 - 2010-06-11 07:30 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-17 15:18 - 2009-08-10 05:05 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-02-17 15:18 - 2009-08-10 03:01 - 01399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-02-17 15:18 - 2009-07-14 05:00 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-02-17 15:18 - 2009-07-14 00:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2014-02-17 15:18 - 2009-07-14 00:30 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2014-02-17 15:18 - 2009-07-11 11:32 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-02-17 15:18 - 2009-07-11 11:32 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-02-17 15:18 - 2009-07-11 11:32 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-02-17 15:18 - 2009-07-11 11:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2014-02-17 15:18 - 2009-07-11 09:18 - 02501921 _____ () C:\Windows\system32\wlan.tmf
2014-02-17 15:18 - 2009-06-15 07:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-02-17 15:18 - 2009-05-04 02:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-02-17 15:18 - 2009-04-23 04:43 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-02-17 15:18 - 2009-04-23 04:42 - 00636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-02-17 15:18 - 2008-06-05 19:27 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2014-02-17 15:18 - 2008-06-05 19:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2014-02-17 15:17 - 2011-05-02 07:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-02-17 15:17 - 2011-04-21 05:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-17 15:17 - 2011-04-20 06:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-02-17 15:17 - 2011-04-20 06:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-02-17 15:17 - 2011-04-14 06:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-02-17 15:17 - 2011-02-16 07:35 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-17 15:17 - 2011-02-16 07:32 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-17 15:17 - 2010-12-14 07:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2014-02-17 15:17 - 2010-10-18 06:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-17 15:17 - 2010-08-31 07:40 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-17 15:17 - 2010-08-26 08:07 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-02-17 15:17 - 2010-08-17 05:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-02-17 15:17 - 2010-06-18 08:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-02-17 15:17 - 2010-04-16 08:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-02-17 15:17 - 2010-04-16 08:10 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-17 15:17 - 2010-04-05 08:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2014-02-17 15:17 - 2010-01-21 07:59 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2014-02-17 15:17 - 2010-01-14 16:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-02-17 15:17 - 2009-12-23 04:43 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-17 15:17 - 2009-10-07 04:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-02-17 15:17 - 2009-10-07 04:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-02-17 15:17 - 2009-09-04 04:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-02-17 15:17 - 2009-07-17 06:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2014-02-17 15:14 - 2011-04-29 06:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-17 15:14 - 2009-12-28 04:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-02-17 15:14 - 2009-12-28 04:32 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2014-02-17 15:14 - 2009-12-28 04:32 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-02-17 15:14 - 2009-12-28 04:32 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-02-17 15:14 - 2009-12-28 04:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-02-17 15:14 - 2009-12-28 04:31 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-02-17 15:14 - 2009-12-28 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-02-17 15:14 - 2009-12-28 04:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-02-17 15:14 - 2009-12-28 04:28 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2014-02-17 15:14 - 2009-04-02 04:37 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2014-02-17 15:06 - 2014-02-24 13:55 - 00001982 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 15:04 - 2014-02-25 12:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 15:04 - 2014-02-24 19:09 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 15:04 - 2014-02-20 15:48 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Apps\2.0
2014-02-17 15:04 - 2014-02-17 15:04 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Deployment
2014-02-17 15:02 - 2014-02-24 19:58 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\Adobe
2014-02-17 14:01 - 2014-02-20 15:48 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\Google
2014-02-17 13:53 - 2014-02-20 16:18 - 00000000 ____D () C:\Users\jenwemp\Documents\My Google Gadgets
2014-02-17 13:53 - 2014-02-20 15:48 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Google
2014-02-17 13:53 - 2014-02-18 22:13 - 00088648 _____ () C:\Users\jenwemp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-17 13:53 - 2014-02-17 13:53 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Toshiba
2014-02-17 13:52 - 2014-02-20 15:48 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\VirtualStore
2014-02-17 13:52 - 2014-02-17 13:52 - 00000960 _____ () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 13:52 - 2014-02-17 13:52 - 00000955 _____ () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-17 13:52 - 2014-02-17 13:52 - 00000926 _____ () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-17 13:52 - 2014-02-17 13:52 - 00000016 __RSH () C:\Windows\system32\Drivers\fbd.sys
2014-02-17 13:51 - 2014-02-20 16:34 - 00000000 ____D () C:\Users\jenwemp
2014-02-17 13:51 - 2014-02-17 13:51 - 00000020 ___SH () C:\Users\jenwemp\ntuser.ini
2014-02-17 13:51 - 2014-02-17 13:51 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\WinBatch
2014-02-17 13:51 - 2008-01-20 18:42 - 00000000 ___RD () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-17 13:51 - 2008-01-20 18:42 - 00000000 ___RD () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-17 11:40 - 2014-02-17 11:40 - 00000000 ____D () C:\ProgramData\Partner
2014-02-17 11:40 - 2014-02-17 11:40 - 00000000 ____D () C:\ProgramData\Google
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\ProgramData\Symantec
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\ProgramData\Norton
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-02-17 11:36 - 2014-02-17 11:36 - 00000004 __RSH () C:\Windows\system32\Drivers\taishop.sys
2014-02-17 11:35 - 2014-02-17 11:35 - 00000000 ____D () C:\Program Files\Common Files\Toshiba Shared
2014-02-17 11:35 - 2014-02-17 11:35 - 00000000 _____ () C:\Windows\NDSTray.INI
2014-02-17 11:34 - 2009-01-27 19:12 - 00279376 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tos_sps32.sys
2014-02-17 11:34 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-17 11:31 - 2009-03-18 11:44 - 00022272 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\PGEffect.sys
2014-02-17 11:29 - 2014-02-17 11:34 - 00000000 ____D () C:\ProgramData\Toshiba
2014-02-17 11:28 - 2008-01-15 10:03 - 00364544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlLib.dll
2014-02-17 11:28 - 2007-04-23 10:50 - 00025896 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\RtlProt.sys
2014-02-17 11:28 - 2006-10-26 22:30 - 00131072 _____ () C:\Windows\system32\EnumDevLib.dll
2014-02-17 11:28 - 2006-07-05 06:45 - 01069056 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-02-17 11:28 - 2003-11-18 10:27 - 00155648 _____ (TODO: <Company name>) C:\Windows\system32\IpLib.dll
2014-02-17 11:27 - 2014-02-17 11:27 - 00000000 ____D () C:\Windows\Options
2014-02-17 11:27 - 2014-02-17 11:27 - 00000000 ____D () C:\Program Files\ltmoh
2014-02-17 11:27 - 2009-02-27 10:01 - 00238912 _____ (TOSHIBA Corporation) C:\Windows\system32\tosmreg.exe
2014-02-17 11:27 - 2009-02-17 14:54 - 00000916 _____ () C:\Windows\system32\tosmreg.dat
2014-02-17 11:26 - 2014-02-20 15:55 - 00000000 ____D () C:\Program Files\Realtek WLAN Driver
2014-02-17 11:26 - 2009-01-13 17:56 - 00346112 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8187B.sys
2014-02-17 11:24 - 2014-02-17 11:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2014-02-17 11:24 - 2014-02-17 11:24 - 00000000 ____D () C:\Program Files\Synaptics
2014-02-17 11:23 - 2014-02-17 11:28 - 00000000 ____D () C:\Windows\system32\sda
2014-02-17 11:23 - 2009-03-11 16:17 - 00063488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTSTOR.sys
2014-02-17 11:23 - 2009-02-03 22:39 - 06815264 _____ () C:\Windows\system\DriveIcon.dll
2014-02-17 11:19 - 1999-10-12 18:47 - 00024576 _____ (Toshiba) C:\Windows\system32\TSCI.dll
2014-02-17 11:19 - 1999-10-12 18:45 - 00024576 _____ (Toshiba) C:\Windows\system32\THCI.dll
2014-02-17 11:18 - 2014-02-17 11:18 - 00016066 _____ () C:\Windows\system32\results.xml
2014-02-17 11:15 - 2009-02-11 17:11 - 00329752 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-02-17 11:14 - 2014-02-17 11:14 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-02-17 11:14 - 2009-04-06 10:07 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2014-02-17 11:14 - 2009-03-12 18:11 - 02523680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-02-17 11:14 - 2009-03-12 18:11 - 01003040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-02-17 11:14 - 2009-03-12 18:11 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-02-17 11:14 - 2009-03-12 18:11 - 00326176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-02-17 11:14 - 2009-03-12 18:11 - 00049184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2014-02-17 11:14 - 2009-03-12 17:30 - 02342688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-02-17 11:14 - 2009-02-12 20:24 - 00282112 _____ (Dolby Laboratories) C:\Windows\system32\RTPCEE32.dll
2014-02-17 11:14 - 2009-02-12 16:52 - 00159232 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\FMAPO.dll
2014-02-17 11:14 - 2008-11-09 11:52 - 00159744 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-02-17 11:14 - 2008-10-08 12:56 - 00141312 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-02-17 11:14 - 2008-09-25 16:52 - 00060416 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-02-17 11:14 - 2008-08-25 16:17 - 00528384 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-02-17 11:14 - 2008-05-19 18:25 - 01933312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-02-17 11:14 - 2008-05-19 15:12 - 01777664 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-02-17 11:14 - 2008-04-30 08:48 - 00167936 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-02-17 11:14 - 2007-07-30 18:26 - 00126976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-02-17 11:14 - 2007-07-25 09:33 - 00135168 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-02-17 11:14 - 2007-05-17 11:26 - 00185776 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-02-17 11:14 - 2006-12-13 10:30 - 00339968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-02-17 11:13 - 2014-02-17 11:28 - 00000000 ____D () C:\Program Files\Realtek
2014-02-17 11:13 - 2009-04-24 14:29 - 00163840 _____ (Realtek ) C:\Windows\system32\Drivers\Rtlh86.sys
2014-02-17 11:13 - 2009-03-05 14:54 - 00073728 _____ () C:\Windows\system32\RtNicProp32.dll
2014-02-17 11:10 - 2014-02-17 11:10 - 00000000 ____D () C:\Windows\system32\Lang
2014-02-17 11:10 - 2009-03-13 14:02 - 00920088 _____ (Intel® Corporation) C:\Windows\system32\igxpun.exe
2014-02-17 11:10 - 2006-11-10 08:25 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2014-02-17 11:07 - 2014-02-17 11:07 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2014-02-17 11:00 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-02-17 10:59 - 2014-02-18 21:44 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-17 10:59 - 2014-02-17 10:59 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-17 10:59 - 2014-02-17 10:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-17 10:58 - 2014-02-17 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 10:58 - 2014-02-17 10:58 - 00000000 __RHD () C:\MSOCache
2014-02-17 10:57 - 2014-02-20 15:55 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-02-17 10:57 - 2014-02-20 15:48 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-17 10:51 - 2014-02-25 12:33 - 01081866 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 13:36 - 2014-02-11 13:36 - 00000000 ___DC () C:\Users\jenwemp\AppData\Local\Western Digital
2014-02-11 13:35 - 2014-02-11 13:35 - 00000000 ___DC () C:\Users\jenwemp\AppData\Local\Western_Digital_Technolog
2014-02-11 13:31 - 2014-02-11 13:34 - 00000000 ___DC () C:\Program Files\Western Digital
 
==================== One Month Modified Files and Folders =======
 
2014-02-25 13:02 - 2014-02-25 13:02 - 00016155 _____ () C:\Users\jenwemp\Downloads\FRST.txt
2014-02-25 13:02 - 2014-02-25 13:01 - 00000000 ____D () C:\FRST
2014-02-25 13:01 - 2014-02-25 13:01 - 01144320 _____ (Farbar) C:\Users\jenwemp\Downloads\FRST.exe
2014-02-25 12:44 - 2013-10-01 21:01 - 00000000 ___DC () C:\Users\jenwemp\Desktop\Full Process
2014-02-25 12:44 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-02-25 12:42 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 12:42 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 12:34 - 2014-02-24 15:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-25 12:34 - 2006-11-02 02:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 12:33 - 2014-02-17 10:51 - 01081866 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 12:31 - 2014-02-17 15:04 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 12:28 - 2014-02-24 18:59 - 00005076 _____ () C:\Windows\PFRO.log
2014-02-25 12:28 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 20:02 - 2006-11-02 05:01 - 00012744 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 19:59 - 2009-05-03 19:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-24 19:58 - 2014-02-24 19:58 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-24 19:58 - 2014-02-17 15:02 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\Adobe
2014-02-24 19:57 - 2014-02-24 19:57 - 00001863 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-02-24 19:56 - 2014-02-24 19:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-24 19:56 - 2009-07-21 19:05 - 00000000 ___DC () C:\Users\jenwemp\AppData\Local\Adobe
2014-02-24 19:56 - 2009-05-03 19:32 - 00000000 ____D () C:\Program Files\Adobe
2014-02-24 19:09 - 2014-02-17 15:04 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 17:36 - 2014-02-24 17:34 - 00022927 _____ () C:\Users\jenwemp\Desktop\dds.txt
2014-02-24 17:36 - 2014-02-24 17:34 - 00004789 _____ () C:\Users\jenwemp\Desktop\attach.txt
2014-02-24 17:32 - 2014-02-24 17:32 - 00688992 ____R (Swearware) C:\Users\jenwemp\Downloads\dds.com
2014-02-24 16:42 - 2014-02-24 14:58 - 00052736 _____ () C:\Users\jenwemp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 16:40 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-24 15:58 - 2009-05-04 11:13 - 00000000 ____D () C:\Windows\Panther
2014-02-24 15:40 - 2009-05-03 19:37 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-24 15:38 - 2009-05-03 19:07 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-24 15:38 - 2009-05-03 19:07 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-02-24 15:35 - 2014-02-24 15:35 - 04721920 _____ (Piriform Ltd) C:\Users\jenwemp\Downloads\ccsetup410 (1).exe
2014-02-24 15:35 - 2014-02-24 15:35 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-24 15:35 - 2009-07-21 16:50 - 00000000 ___DC () C:\Program Files\CCleaner
2014-02-24 15:34 - 2014-02-24 15:34 - 04721920 _____ (Piriform Ltd) C:\Users\jenwemp\Downloads\ccsetup410.exe
2014-02-24 15:22 - 2014-02-24 15:08 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Avg2014
2014-02-24 15:17 - 2014-02-24 15:17 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\AVG2014
2014-02-24 15:16 - 2014-02-24 15:16 - 00000853 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-24 15:16 - 2014-02-24 15:16 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\TuneUp Software
2014-02-24 15:16 - 2014-02-24 15:14 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-24 15:14 - 2010-11-01 20:36 - 00000000 __HDC () C:\$AVG
2014-02-24 15:12 - 2009-07-21 15:48 - 00000000 ___DC () C:\Program Files\AVG
2014-02-24 15:08 - 2014-02-24 15:08 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\MFAData
2014-02-24 15:08 - 2014-02-24 15:07 - 04462384 _____ (AVG Technologies) C:\Users\jenwemp\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-24 15:07 - 2014-02-24 15:07 - 05056656 _____ (Systweak Inc ) C:\Users\jenwemp\Downloads\rcp_dcomnew_sec_728 (1).exe
2014-02-24 15:05 - 2014-02-24 15:05 - 05056656 _____ (Systweak Inc ) C:\Users\jenwemp\Downloads\rcp_dcomnew_sec_728.exe
2014-02-24 14:06 - 2014-02-24 14:06 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Intuit
2014-02-24 14:04 - 2014-02-24 14:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-24 14:04 - 2014-02-24 14:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 13:55 - 2014-02-17 15:06 - 00001982 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 13:50 - 2014-02-24 13:49 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-02-24 13:49 - 2013-04-05 13:47 - 00000000 ___DC () C:\Program Files\Fitbit Connect
2014-02-24 13:48 - 2014-02-24 13:47 - 06318888 _____ (Fitbit Inc.) C:\Users\jenwemp\Downloads\FitbitConnect_Win_2014110_1.0.1.5127.exe
2014-02-24 13:47 - 2014-02-24 13:47 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\QuickenWindow
2014-02-20 16:34 - 2014-02-17 13:51 - 00000000 ____D () C:\Users\jenwemp
2014-02-20 16:18 - 2014-02-17 13:53 - 00000000 ____D () C:\Users\jenwemp\Documents\My Google Gadgets
2014-02-20 16:08 - 2014-02-20 16:08 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-20 16:00 - 2006-11-02 03:18 - 00000000 __RHD () C:\Users\Default
2014-02-20 15:58 - 2009-05-03 19:34 - 00000000 ____D () C:\Program Files\Toshiba Registration
2014-02-20 15:55 - 2014-02-17 11:26 - 00000000 ____D () C:\Program Files\Realtek WLAN Driver
2014-02-20 15:55 - 2014-02-17 10:57 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-02-20 15:48 - 2014-02-18 21:55 - 00000000 ____D () C:\Program Files\TurboTax
2014-02-20 15:48 - 2014-02-17 15:04 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Apps\2.0
2014-02-20 15:48 - 2014-02-17 14:01 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\Google
2014-02-20 15:48 - 2014-02-17 13:53 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Google
2014-02-20 15:48 - 2014-02-17 13:52 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\VirtualStore
2014-02-20 15:48 - 2014-02-17 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-20 15:48 - 2009-05-03 19:34 - 00000000 ____D () C:\Program Files\Picasa2
2014-02-20 15:48 - 2009-05-03 19:06 - 00000000 ____D () C:\Program Files\Java
2014-02-20 15:48 - 2009-05-03 18:58 - 00000000 ____D () C:\Program Files\Intel
2014-02-20 15:48 - 2006-11-02 04:37 - 00000000 ____D () C:\Users\Public\Recorded TV
2014-02-20 15:29 - 2006-11-02 04:47 - 00338488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 22:13 - 2014-02-18 22:13 - 00000000 ____D () C:\Users\jenwemp\Documents\TurboTax
2014-02-18 22:13 - 2014-02-17 13:53 - 00088648 _____ () C:\Users\jenwemp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 22:12 - 2014-02-18 22:12 - 00000157 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-18 22:12 - 2014-02-18 21:45 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\Intuit
2014-02-18 22:10 - 2014-02-18 22:10 - 00001898 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-18 22:10 - 2014-02-18 21:45 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-02-18 22:10 - 2014-02-18 21:42 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-18 21:54 - 2014-02-18 21:52 - 00000000 ____D () C:\Users\jenwemp\Downloads\TurboTax Home Business Fed Efile State 2013
2014-02-18 21:50 - 2014-02-18 21:33 - 00000000 ____D () C:\ProgramData\Protexis
2014-02-18 21:46 - 2014-02-18 21:46 - 00001614 _____ () C:\Users\Public\Desktop\Quicken Home & Business 2014.lnk
2014-02-18 21:46 - 2014-02-18 21:46 - 00000329 _____ () C:\Users\Public\Desktop\View Credit Score.url
2014-02-18 21:46 - 2014-02-18 21:46 - 00000000 ____D () C:\Program Files\Common Files\AnswerWorks 5.0
2014-02-18 21:46 - 2014-02-18 21:45 - 00000120 _____ () C:\Windows\QUICKEN.INI
2014-02-18 21:44 - 2014-02-17 10:59 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-18 21:40 - 2014-02-18 21:33 - 00000000 ____D () C:\Users\jenwemp\Downloads\Quicken 2014 Home and Business
2014-02-18 21:33 - 2014-02-18 21:33 - 01547048 _____ (arvato digital services llc) C:\Users\jenwemp\Downloads\Download_TurboTax_Home_Business_Fed_Efile_State_2013.exe
2014-02-18 21:33 - 2014-02-18 21:33 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Protexis
2014-02-18 21:33 - 2014-02-18 21:32 - 01549272 _____ (arvato digital services llc) C:\Users\jenwemp\Downloads\Download_Quicken_2014_Home_and_Business.exe
2014-02-18 21:19 - 2014-02-18 21:19 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-02-18 21:12 - 2006-11-02 04:37 - 00000000 ____D () C:\Windows\twain_32
2014-02-18 21:12 - 2006-11-02 03:18 - 00000000 __RSD () C:\Windows\Media
2014-02-17 16:40 - 2006-11-02 04:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-02-17 16:40 - 2006-11-02 04:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-02-17 15:06 - 2009-05-03 19:34 - 00000000 ____D () C:\Program Files\Google
2014-02-17 15:04 - 2014-02-17 15:04 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Deployment
2014-02-17 13:53 - 2014-02-17 13:53 - 00000000 ____D () C:\Users\jenwemp\AppData\Local\Toshiba
2014-02-17 13:52 - 2014-02-17 13:52 - 00000960 _____ () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 13:52 - 2014-02-17 13:52 - 00000955 _____ () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-17 13:52 - 2014-02-17 13:52 - 00000926 _____ () C:\Users\jenwemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-17 13:52 - 2014-02-17 13:52 - 00000016 __RSH () C:\Windows\system32\Drivers\fbd.sys
2014-02-17 13:52 - 2006-11-02 03:18 - 00000000 ___RD () C:\Users\Public
2014-02-17 13:51 - 2014-02-17 13:51 - 00000020 ___SH () C:\Users\jenwemp\ntuser.ini
2014-02-17 13:51 - 2014-02-17 13:51 - 00000000 ____D () C:\Users\jenwemp\AppData\Roaming\WinBatch
2014-02-17 11:40 - 2014-02-17 11:40 - 00000000 ____D () C:\ProgramData\Partner
2014-02-17 11:40 - 2014-02-17 11:40 - 00000000 ____D () C:\ProgramData\Google
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\ProgramData\Symantec
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\ProgramData\Norton
2014-02-17 11:39 - 2014-02-17 11:39 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-02-17 11:36 - 2014-02-17 11:36 - 00000004 __RSH () C:\Windows\system32\Drivers\taishop.sys
2014-02-17 11:35 - 2014-02-17 11:35 - 00000000 ____D () C:\Program Files\Common Files\Toshiba Shared
2014-02-17 11:35 - 2014-02-17 11:35 - 00000000 _____ () C:\Windows\NDSTray.INI
2014-02-17 11:34 - 2014-02-17 11:29 - 00000000 ____D () C:\ProgramData\Toshiba
2014-02-17 11:33 - 2009-05-03 19:11 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-02-17 11:28 - 2014-02-17 11:23 - 00000000 ____D () C:\Windows\system32\sda
2014-02-17 11:28 - 2014-02-17 11:13 - 00000000 ____D () C:\Program Files\Realtek
2014-02-17 11:27 - 2014-02-17 11:27 - 00000000 ____D () C:\Windows\Options
2014-02-17 11:27 - 2014-02-17 11:27 - 00000000 ____D () C:\Program Files\ltmoh
2014-02-17 11:24 - 2014-02-17 11:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2014-02-17 11:24 - 2014-02-17 11:24 - 00000000 ____D () C:\Program Files\Synaptics
2014-02-17 11:23 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system
2014-02-17 11:18 - 2014-02-17 11:18 - 00016066 _____ () C:\Windows\system32\results.xml
2014-02-17 11:14 - 2014-02-17 11:14 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-02-17 11:10 - 2014-02-17 11:10 - 00000000 ____D () C:\Windows\system32\Lang
2014-02-17 11:10 - 2014-02-17 10:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 11:09 - 2006-11-02 03:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-17 11:07 - 2014-02-17 11:07 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2014-02-17 10:59 - 2014-02-17 10:59 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-17 10:59 - 2014-02-17 10:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-17 10:58 - 2014-02-17 10:58 - 00000000 __RHD () C:\MSOCache
2014-02-17 10:58 - 2006-11-02 04:37 - 00000000 ____D () C:\Windows\ShellNew
2014-02-17 10:57 - 2006-11-02 04:37 - 00000000 ____D () C:\Windows\system32\restore
2014-02-11 13:36 - 2014-02-11 13:36 - 00000000 ___DC () C:\Users\jenwemp\AppData\Local\Western Digital
2014-02-11 13:35 - 2014-02-11 13:35 - 00000000 ___DC () C:\Users\jenwemp\AppData\Local\Western_Digital_Technolog
2014-02-11 13:34 - 2014-02-11 13:31 - 00000000 ___DC () C:\Program Files\Western Digital
2014-02-11 13:28 - 2010-11-30 21:57 - 00000000 ___DC () C:\Users\jenwemp\AppData\Roaming\ZumoDrive
2014-01-29 13:01 - 2012-07-30 11:47 - 00000000 ___DC () C:\Users\jenwemp\Desktop\Biz
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-25 12:35
 
==================== End Of Log ============================
  • Addition log
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-02-2014 01
Ran by jenwemp at 2014-02-25 13:03:25
Running from C:\Users\jenwemp\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
 
==================== Installed Programs ======================
 
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
Fitbit Connect (HKLM\...\{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}) (Version: 1.0.1.5127 - Fitbit Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.8.0809.23506 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java™ 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 16.5.0.134 - Symantec Corporation)
Norton Internet Security (Version: 16.5.0.134 - Symantec Corporation) Hidden
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.6.15 - Intuit)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20130 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
Skype Launcher (HKLM\...\{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}) (Version: 1.0 - TOSHIBA Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated)
TOSHIBA Agreement Notification Utility (HKLM\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation)
TOSHIBA Agreement Notification Utility (Version: 1.0.11.0 - TOSHIBA Corporation) Hidden
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 8.0.0.4 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.8 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.2.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.2.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.0.4.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.0.4.32 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.00 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.00 - TOSHIBA Corporation) Hidden
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
Toshiba Resources Page (HKLM\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6_Vista32 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version:  - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.8 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (Version: 013.000.1548 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0437 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB946691) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Restore Points  =========================
 
17-02-2014 21:52:06 Installed Toshiba Quality Application
17-02-2014 23:24:00 Windows Update
18-02-2014 00:54:50 Windows Update
19-02-2014 05:11:47 Device Driver Package Install: Canon Imaging devices
19-02-2014 05:11:59 Windows Update
19-02-2014 05:18:19 Device Driver Package Install: Canon Printers
19-02-2014 05:42:43 Windows Update
19-02-2014 06:09:33 Installed TurboTax 2013 wrapper
20-02-2014 23:33:48 Windows Update
24-02-2014 21:48:42 Installed Fitbit Connect
24-02-2014 21:48:49 Windows Update
24-02-2014 22:17:48 Windows Update
24-02-2014 23:11:45 Installed AVG 2014
24-02-2014 23:12:33 Installed AVG 2014
24-02-2014 23:37:35 Removed Netzero Internet Access Installer
 
==================== Hosts content: ==========================
 
2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6A2FDCFE-7AC8-45CC-A65F-00C0AA30B2C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {83BD6B8D-5D70-4F48-AD80-BF3AB0C6E3DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {98400A49-A3DC-482C-A002-73CDCAE847CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-03-07 13:15 - 2009-03-07 13:15 - 07005496 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 10:37 - 2008-07-14 10:37 - 00095544 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-05-03 19:07 - 2006-10-10 10:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 10:57 - 2006-10-07 10:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 17:55 - 2006-12-01 17:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-01-30 21:11 - 2009-01-30 21:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-05-03 19:35 - 2009-05-03 19:35 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2014-02-24 13:55 - 2014-02-19 17:02 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-24 13:55 - 2014-02-19 17:03 - 04060488 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-24 13:55 - 2014-02-19 17:03 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-24 13:55 - 2014-02-19 17:02 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-17 15:12 - 2014-02-17 15:12 - 04591616 _____ () C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-02-17 15:12 - 2014-02-17 15:12 - 00112128 _____ () C:\Users\jenwemp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\jenwemp\Documents\RP1 Work Depth conf call EDITED 52609 Final.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW050CDA_Yuen_FoundationForDiamond.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW050CDB_Yuen_FoundationForDiamond.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW051CD_Head_BeginningTips.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW056CDA_Danzik_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW057CDA_Woods_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW105CD_Stokes_EmeraldRally.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW115CD_HawaiiInterviews2002.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW126CDA_Golden_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW126CDB_Golden_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW128CDA_Grosboll_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW128CDB_Grosboll_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW143CDA_Kizirian_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW143CDB_Kizirian_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW146CDA_Hawkins_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW146CDB_Hawkins_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW147CDA_Yuen_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW147CDB_Yuen_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW153CD_Puryear_Choices.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW156CD_Puryear_Pro-sumerToDiamondInTwoYears.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW160CD_Danzik_HowtoStartYourArtistryBusiness.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW181CD_Puryear_NewCrowns_FED2003.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW185CDA_Severn_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW185CDB_Severn_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW188CD_DuncanGreg_PrivateFranchising HTHTW.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW191CDA_Felber_DoubleDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW191CDB_Felber_DoubleDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW192CDA_DuncanBrad_FoundersTrippleDiamond.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW192CDB_DuncanBrad_FoundersTrippleDiamond.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW195CDA_Shores_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW195CDB_Shores_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW199CDA_Attalah_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW199CDB_Attalah_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW226CD_Puryear_PumpUpYourVolume.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW227CD_Puryear_FinishtheRace.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW253CDA_DuncanGreg_TripleDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW253CDB_DuncanGreg_TripleDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW254CD_Droegemueller_EmeraldRally.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW256CD_Chau_EmeraldRally.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW258CDA_Gonser_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW258CDB_Gonser_DiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW259CDA_Head_ExecutiveDiamondAttitude.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW274CDB_Yuen-Kosage_HandlingObjections.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW275CDA_Hawkins-Grosboll_ValueofPremierMembership.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW275CDB_Grosboll-Severn_ValueofPremierMembership.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW276CDA_Baker_Woods_ValueofCore.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW276CDB_Baker_Woods_ValueofCore.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW278CDA_Tsuruda-Sears-Attalah_PersistencyConsistency.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW278CDB_Tsuruda-Sears-Attalah_PersistencyConsistency.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW279CDA_Kizirian-Golden-Shores_DevelopingaBusinessMentality.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW279CDB_Kizirian-Golden-Shores_DevelopingaBusinessMentality.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW281CDA_Foglio_ValueofEdificationandDuplication.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW281CDB_Alcott_ValueofEdificationandDuplication.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW282CDA_Nelsen-Popovich-DuncanDavid_LongTermThinking.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW282CDB_Nelsen-Popovich-DuncanDavid_LongTermThinking.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW283CDA_Danzik-Gonser_HowWhyofMerchandising.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW283CDB_Danzik-Gonser_HowWhyofMerchandising.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW284CD_Felber_CharacteristicsofaLeader.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW288CDA_Hawkins_HowToContactAndInviteInThe21stCentury-05update.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW288CDB_Hawkins_HowToContactAndInviteInThe21stCentury-05update.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW294CD_Crowe_FED2005.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW295CD_Dussault_NewDiamonds_FED2005.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW296CD_Waechter_NewDiamonds_FED2005.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW297CD_Puryear_MakingtheFirstCircleWork.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW316CD_Hawkins_WebTourwithBusinessOverview.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW328CD_ControllingFear_Felber.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW345CD_Puryear_PrinciplesofShowingthePlan.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW348CD_Atilano_EmeraldRally.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW351CDA_DuncanGreg_TripleDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW351CDB_DuncanGreg_TripleDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW367CD_Kosage_ExecutiveDiamondRally.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW372CD_Puryear_MaximizeYourVolume.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW383CD_SpringLeadership07_DuncanBrad_10coresteps.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW405CDB_Puryear_PumpInTheDesert.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW409CD_Kizirian_DiamondRally.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW413CD_SpringLeadership08_Puryear.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW414CD_Hawkins_WhatsNext.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW420CDA_Eaton-Kummer_SpringLeadership2008.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW420CDB_Kosage-Nelsen_SpringLeadership2008.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW428CDA_Danzik_ExecutiveDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW428CDB_Danzik_ExecutiveDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW429CDB_Yuen_ExecutiveDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW430CDA_Felber_DoubleDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW430CDB_Felber_DoubleDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW431CDA_Hawkins_ExecutiveDiamondSeminar.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW434CDA_Puryear_RubytoDiamond.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW434CDB_Puryear_RubytoDiamond.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW440CD_MensPanel_FED2008.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW441CD_WomensPanel_FED2008.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW444CD_Puryear_FormulaForSuccess.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW445_FED2008_Puryear.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW447CDB_Felber-Eaton_FED2008.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW448CDA_FED2008_Kosage-Kummer.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW448CDB_FED2008_Shores-Tsuruda.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW449A_FED2008_Duncan-Foglio.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW449B_FED2008_Hawkins-Popovich.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW450A_FED2008_Woods-Danzik.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW450B_FED2008_Yuen-Severn.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW451A_FED2008_Kizirian-Head.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW451B_FED2008_Baker-Nelsen.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW452CDA_DoubleEagleRubies_FED2008.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW452CDB_DoubleEagleRubies_FED2008.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW454A_FED2008_DoubleEagleRubies.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW454B_FED2008_DoubleEagleRubies.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW461A_DreamNight2009_Baker.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW462_DreamNight2009_Kummer.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW463A_DreamNight2009_Duncan.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW463B_DreamNight2009_Duncan.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW464_Tracey&KimberlyEaton_Dream2009_6-29-09.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW465A_DreamNight2009_Head.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW465B_DreamNight2009_Foglio.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW467B_Scott&CrisHarimoto_Dream2009_6-29-09.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW468_Dan&SandyYuen_Dreamnight2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW469A_DreamNight2009_Terry&LindaFelber.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW469B_DreamNight2009_Norm&PamKizirian.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW470_Theron&DarleneNelsen_Dreamnight2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW471A_Howie&TheresaDanzik_Dreamnight2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW471B_Mike&BarbPopovich_Dreamnight2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW472_Bill&SandyHawkins_DreamNight2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW474_SamirAttalah_DreamNight2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW475_Puryear_HowtoWorkDepth.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW476_PaulTsika_Expectations.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW477_PaythePrice_Puryear.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW478A_AttalahEaton_SpringLead2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW478B_KosageShores_SpringLead2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW479A_Foglio_Head_SpringLeadership2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW479B_Tsuruda_Woods_SpringLeadership2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW480A_G&LDuncan_Yuen_SpringLeadership2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW480B_Baker_Severn_SpringLeadership2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW481A_Danzik_Popovich_SpringLeadership2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW481B_Felber_Kizirian_SpringLeadership2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW482A_Kummer_HawkinsSpringLead2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW482B_Nelsen_Harimoto_SpringLead2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW483_Duncan_SpringLeadership2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW484_Mens_WomensPanel.SpringLead2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW485_SpringLead2009.VegasMen'sWomen'sPanel.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW486_SpringLead09_SpokaneM&WPanels.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW487_SpringLead09_BradDuncan&GregDuncan.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW488A_SL2009_NelsenFelberHawkins.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW488B_SL2009_AttalahShoresKosage.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW489A_SpringLead09_DanzikPopovichKizirian.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW489B_SpringLead09_EatonHarimotoBaker.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW490A_SpringLead09_FoglioHeadYuen.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW490B_SpringLead09_KummerTsurudaWoodsSevern.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW492_Maxwell_LeadershipGold2.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW493A_RonPuryear_Friendship1stDirectship2nd.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW493B_RonPuryear_Friendship1stDirectship2nd.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW494A_Severn_PigsDon'tKnow.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW494B_Severn_PigsDon'tKnow.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW495_Tsika_HowToSurviveADip_12-2-09.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW496_JohnMaxwell_LeadershipGold_Pt3.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW498_William&AlyshahGamble_EmeraldRally.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW499A_Danzik&Kummer_FED2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW499B_Tsuruda&Harimoto_FED2009.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\jenwemp\Documents\WW500_Dave&JanSevern_FED2009.mp3:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/25/2014 00:29:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/24/2014 07:51:40 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.1.0.163, time stamp 0x49a88f00, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0050002f,
process id 0x13b0, application start time 0xAcroRd32.exe0.
 
Error: (02/24/2014 07:51:19 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.1.0.163, time stamp 0x49a88f00, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0050002f,
process id 0x1048, application start time 0xAcroRd32.exe0.
 
Error: (02/24/2014 07:50:20 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.1.0.163, time stamp 0x49a88f00, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0050002f,
process id 0x590, application start time 0xAcroRd32.exe0.
 
Error: (02/24/2014 07:50:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/24/2014 07:49:56 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.1.0.163, time stamp 0x49a88f00, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0050002f,
process id 0xba0, application start time 0xAcroRd32.exe0.
 
Error: (02/24/2014 07:47:13 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.1.0.163, time stamp 0x49a88f00, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0050002f,
process id 0x1280, application start time 0xAcroRd32.exe0.
 
Error: (02/24/2014 07:46:49 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.1.0.163, time stamp 0x49a88f00, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0050002f,
process id 0x1744, application start time 0xAcroRd32.exe0.
 
Error: (02/24/2014 07:45:39 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.1.0.163, time stamp 0x49a88f00, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0050002f,
process id 0x13ac, application start time 0xAcroRd32.exe0.
 
Error: (02/24/2014 07:00:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/25/2014 00:28:11 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (02/24/2014 07:56:02 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
 
Error: (02/24/2014 07:56:02 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
 
Error: (02/24/2014 07:56:02 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/24/2014 07:49:11 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (02/24/2014 06:59:46 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (02/24/2014 03:41:59 PM) (Source: DCOM) (User: )
Description: {290DF7B4-08B5-4A7D-89A8-FB831BD8E99D}
 
Error: (02/24/2014 01:41:23 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (02/20/2014 05:54:26 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (02/20/2014 03:29:57 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-25 13:03:10.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:03:10.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:03:10.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:03:10.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:02:48.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:02:48.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:02:48.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:02:48.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:02:48.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-25 13:02:48.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 52%
Total physical RAM: 2939.24 MB
Available physical RAM: 1403.63 MB
Total Pagefile: 6090.8 MB
Available Pagefile: 4705.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.3 MB
 
==================== Drives ================================
 
Drive c: (TI100712V0E) (Fixed) (Total:287.79 GB) (Free:209.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 3347D3DF)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)
 
==================== End Of Log ============================


#6 Oh My!

  • Malware Response Instructor

Posted 25 February 2014 - 04:29 PM

Hi Jen,

Thanks for the information and quick response (BTW I will need to be away from my computer for an hour or so). Please do these things for me.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

AVG AntiVirus Free Edition 2014
Norton Internet Security


===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Please download and run Microsoft Fix it 50688 to fix a non-malware related technical issue with Windows.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
Folder: c:\users
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Security Check log
  • RogueKiller log
  • Search document

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 jenwemp

  • Topic Starter

Posted 25 February 2014 - 05:02 PM

screen317's Security Check
 
 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java™ 6 Update 11  
 Java version out of Date! 
 Adobe Flash Player 9 Flash Player out of Date! 
 Adobe Flash Player 12.0.0.70  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 53 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
When I attempt to run the Microsoft Fix it, I get a dialog box stating:
The Microsoft Fix it does not apply to your operating system or application version.
 
Followed by a dialog box:
The Microsoft Fix it failed to process.
 
I am stopping here until further instructions. I haven't done the Rogue Killer yet. I also will be away from my PC for a while. I really appreciate you being so fast and responsive. I know I've said it before, but you are truly exceeding my expectations. 
 
Thanks again, Gary.
 
 


#8 Oh My!

Posted 25 February 2014 - 05:44 PM

Hi Jen,

I am simply trying to keep up with the speed of your replies. :)

Sorry, that Fixit is not for Vista. That fix is really insignificant so we will skip over it and continue on whenever you are ready.
Gary
 

#9 jenwemp

Posted 25 February 2014 - 10:24 PM

Rogue Killer (I did not delete anything. I simply copied and pasted the following):

 

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : jenwemp [Admin rights]
Mode : Scan -- Date : 02/25/2014 19:19:21
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\jenwemp\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=ccd49be093bb47d2acaad157752a88ea-ef89f4ba3294fff940fbc924098ad9567ae27b82 /CMPID=0214c [-][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-293595244-3248633467-398394321-1000\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\jenwemp\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=ccd49be093bb47d2acaad157752a88ea-ef89f4ba3294fff940fbc924098ad9567ae27b82 /CMPID=0214c [-][x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35985066)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35985066)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35985066)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] 276c42db2cd51a9034d7aa667ab34aed
[BSP] a2fd68a9e435c2fce890c9eb66f0c52e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294695 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606609408 | Size: 9049 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02252014_191921.txt >>
 
 
 
 
Search Report:
 
Farbar Recovery Scan Tool (x86) Version: 24-02-2014 01
Ran by jenwemp at 2014-02-25 19:22:20
Running from C:\Users\jenwemp\Downloads
Boot Mode: Normal
 
================== Search: "Folder: c:\users" ===================
 
=== End Of Search ===

 



#10 Oh My!

Posted 25 February 2014 - 10:37 PM

Thanks Jen,

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
c:\users
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. If necessary please zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook log

Gary
 

#11 jenwemp

Posted 26 February 2014 - 01:53 AM

 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 22:52 on 25/02/2014 by jenwemp
Administrator - Elevation successful
 
========== dir ==========
 
c:\users - Parameters: "(none)"
 
---Files---
desktop.ini --ahs-- 174 bytes [12:50 02/11/2006] [02:43 21/01/2008]
 
---Folders---
All Users d--hs-- [13:02 02/11/2006]
Default dr-h--- [11:18 02/11/2006]
Default User d--hs-- [13:02 02/11/2006]
jenwemp d------ [21:51 17/02/2014]
Public dr----- [11:18 02/11/2006]
wangzhisong d----c- [22:31 16/12/2013]
 
-= EOF =-
 
 
 
Sweet Dreams, Gary. 


#12 Oh My!

Posted 26 February 2014 - 09:52 AM

Greetings Jen,

Sweet dreams indeed! :)

A few things.

I want to just look inside the wangzhisong User Profile before we delete it. I had you run that search just to make sure there wasn't anything else in the Users folder we needed to be concerned with. There isn't.

Secondly, this computer has an inactive compromised partition. It is not hurting anything but I would like to deal with it anyway.

Lastly, since this computer had such a severe infection I want to run an additional scan to see what it tells us.

OK, classroom time is over. Time to get to work!

Please do these things for me.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
c:\users\wangzhisong /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.
===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached SystemLook log
  • Attached TDSSKiller log
  • Combofix log

Gary
 

#13 jenwemp

Posted 26 February 2014 - 04:46 PM

Gary,
Sorry for the delay in time. I tried to run ComboFix this a.m. and was unsuccessful, but was able to have it run successfully just now. I am attaching the log files. I did zip the TDSSKiller, but it is still too large to upload (263KB zipped). I will reply to post again and attach those files, as I've reached size limit for this post.
 
Also, I did want to double check with you, I keep getting notices that some of my software is out of date and is prompting me to get latest updates. Should I do that, or wait? Somewhere on bleepingcomputer.com I saw to have latest updates, but I also know that article wasn't directed at people who were in the process of being helped. Let me know. (I know one is a Windows Update, and I think another is either Flash or Adobe).

ComboFix 14-02-24.02 - jenwemp 02/26/2014 12:55:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1927 [GMT -8:00]
Running from: c:\users\jenwemp\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\Thumbs.db
.
-- Previous Run --
.
Infected copy of c:\windows\system32\wshtcpip.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!WSHTCPIP.DLL
.
--------
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2014-01-26 to 2014-02-26 )))))))))))))))))))))))))))))))
.
.
2014-02-26 21:01 . 2014-02-26 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-25 21:01 . 2014-02-25 21:05 -------- d-----w- C:\FRST
2014-02-25 03:58 . 2014-02-25 03:58 -------- d-----w- c:\programdata\McAfee
2014-02-25 03:56 . 2014-02-25 03:56 -------- d-----w- c:\program files\Common Files\Adobe
2014-02-24 23:08 . 2014-02-26 15:47 -------- d-----w- c:\programdata\MFAData
2014-02-24 23:08 . 2014-02-24 23:08 -------- d--h--w- c:\programdata\Common Files
2014-02-24 22:19 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42A16096-A2BD-4BDC-97DB-A06979B592B4}\mpengine.dll
2014-02-24 22:04 . 2014-02-24 22:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-24 22:04 . 2014-02-24 22:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 21:49 . 2014-02-24 21:50 -------- d-----w- c:\programdata\FitbitConnect
2014-02-21 00:08 . 2014-02-21 00:08 -------- d-----w- c:\programdata\WindowsSearch
2014-02-19 05:55 . 2014-02-20 23:48 -------- d-----w- c:\program files\TurboTax
2014-02-19 05:46 . 2014-02-19 05:46 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2014-02-19 05:46 . 2013-09-24 05:23 4200744 ----a-w- c:\windows\system32\cdintf400.dll
2014-02-19 05:45 . 2014-02-19 06:10 -------- d-----w- c:\program files\Common Files\Intuit
2014-02-19 05:45 . 2014-02-24 22:45 -------- d-----w- c:\program files\Quicken
2014-02-19 05:42 . 2009-11-08 18:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-02-19 05:42 . 2009-11-08 18:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-02-19 05:42 . 2009-11-08 18:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-02-19 05:42 . 2009-11-08 18:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-02-19 05:42 . 2009-11-08 18:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-02-19 05:42 . 2014-02-19 06:10 -------- d-----w- c:\programdata\Intuit
2014-02-19 05:33 . 2014-02-19 05:50 -------- d-----w- c:\programdata\Protexis
2014-02-19 05:19 . 2014-02-19 05:19 -------- d--h--w- c:\programdata\CanonBJ
2014-02-19 05:19 . 2006-09-13 04:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP83.DLL
2014-02-19 05:19 . 2006-09-13 04:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD83.DLL
2014-02-19 05:18 . 2008-04-03 04:00 198656 ----a-w- c:\windows\system32\CNMLM83.DLL
2014-02-19 05:16 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2014-02-19 05:16 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2014-02-19 05:16 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-02-19 05:02 . 2008-01-21 02:23 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2014-02-18 00:04 . 2013-12-18 14:13 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-02-17 23:35 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-17 23:35 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2014-02-17 23:35 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2014-02-17 23:35 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2014-02-17 23:35 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2014-02-17 23:35 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2014-02-17 23:30 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2014-02-17 23:30 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2014-02-17 23:28 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2014-02-17 23:28 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2014-02-17 23:28 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2014-02-17 23:27 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2014-02-17 23:23 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2014-02-17 23:23 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-17 23:21 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2014-02-17 23:21 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2014-02-17 23:21 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2014-02-17 23:21 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2014-02-17 23:21 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2014-02-17 23:21 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2014-02-17 23:21 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2014-02-17 23:21 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2014-02-17 23:20 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2014-02-17 23:20 . 2010-09-13 16:04 4096 ----a-w- c:\windows\system32\msdxm.ocx
2014-02-17 23:20 . 2010-09-13 16:04 4096 ----a-w- c:\windows\system32\dxmasf.dll
2014-02-17 23:20 . 2010-09-13 16:03 7680 ----a-w- c:\windows\system32\spwmp.dll
2014-02-17 23:20 . 2010-09-13 14:45 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2014-02-17 23:20 . 2010-09-13 14:44 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-02-17 23:20 . 2010-09-13 14:44 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2014-02-17 23:20 . 2010-09-13 14:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-17 23:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2014-02-17 23:17 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-02-17 23:14 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2014-02-17 23:14 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2014-02-17 23:14 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2014-02-17 23:14 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2014-02-17 23:14 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2014-02-17 23:14 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2014-02-17 23:14 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2014-02-17 23:14 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2014-02-17 23:14 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2014-02-17 23:14 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2014-02-17 23:14 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2014-02-17 21:52 . 2014-02-17 21:52 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2014-02-17 21:51 . 2014-02-21 00:34 -------- d-----w- c:\users\jenwemp
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\programdata\Partner
2014-02-17 19:39 . 2014-02-25 21:40 -------- d-----w- c:\programdata\Symantec
2014-02-17 19:39 . 2014-02-25 21:40 -------- d-----w- c:\programdata\Norton
2014-02-17 19:36 . 2014-02-17 19:36 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2014-02-17 19:35 . 2014-02-17 19:35 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2014-02-17 19:34 . 2009-01-28 03:12 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2014-02-17 19:34 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-02-17 19:31 . 2009-03-18 19:44 22272 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2014-02-17 19:29 . 2014-02-17 19:34 -------- d-----w- c:\programdata\Toshiba
2014-02-17 19:28 . 2008-01-15 18:03 364544 ----a-w- c:\windows\system32\RtlLib.dll
2014-02-17 19:28 . 2007-04-23 18:50 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2014-02-17 19:28 . 2006-10-27 06:30 131072 ----a-w- c:\windows\system32\EnumDevLib.dll
2014-02-17 19:28 . 2006-07-05 14:45 1069056 ----a-w- c:\windows\system32\libeay32.dll
2014-02-17 19:28 . 2003-11-18 18:27 155648 ----a-w- c:\windows\system32\IpLib.dll
2014-02-17 19:27 . 2009-02-27 18:01 238912 ----a-w- c:\windows\system32\tosmreg.exe
2014-02-17 19:27 . 2014-02-17 19:27 -------- d-----w- c:\program files\ltmoh
2014-02-17 19:27 . 2014-02-17 19:27 -------- d-----w- c:\windows\Options
2014-02-17 19:26 . 2014-02-20 23:55 -------- d-----w- c:\program files\Realtek WLAN Driver
2014-02-17 19:26 . 2009-01-14 01:56 346112 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
2014-02-17 19:24 . 2014-02-17 19:24 -------- d-----w- c:\program files\Synaptics
2014-02-17 19:23 . 2014-02-17 19:28 -------- d-----w- c:\windows\system32\sda
2014-02-17 19:23 . 2009-03-12 00:17 63488 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2014-02-17 19:23 . 2009-02-04 06:39 6815264 ----a-w- c:\windows\system\DriveIcon.dll
2014-02-17 19:19 . 1999-10-13 02:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2014-02-17 19:19 . 1999-10-13 02:45 24576 ----a-w- c:\windows\system32\THCI.dll
2014-02-17 19:15 . 2009-02-12 01:11 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys
2014-02-17 19:13 . 2014-02-17 19:28 -------- d-----w- c:\program files\Realtek
2014-02-17 19:13 . 2009-04-24 22:29 163840 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2014-02-17 19:13 . 2009-03-05 22:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-02-17 19:10 . 2014-02-17 19:10 -------- d-----w- c:\windows\system32\Lang
2014-02-17 19:10 . 2009-03-13 22:02 920088 ----a-w- c:\windows\system32\igxpun.exe
2014-02-17 19:10 . 2006-11-10 16:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2014-02-17 19:07 . 2014-02-17 19:07 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2014-02-17 19:00 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2014-02-17 19:00 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-02-17 18:59 . 2014-02-19 05:44 -------- d-----w- c:\program files\Microsoft.NET
2014-02-17 18:59 . 2014-02-17 18:59 -------- d-----w- c:\windows\PCHEALTH
2014-02-17 18:58 . 2014-02-17 19:10 -------- d-----w- c:\programdata\Microsoft Help
2014-02-17 18:58 . 2014-02-17 18:58 -------- d-----r- C:\MSOCache
2014-02-17 18:57 . 2014-02-20 23:55 -------- d-----w- c:\program files\Microsoft Works
2014-02-11 21:31 . 2014-02-11 21:34 -------- dc----w- c:\program files\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-14 16:26 . 2014-01-14 16:26 10 ----a-w- c:\windows\Fonts\wfonts.key
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2014-02-17 19:40 157168 ----a-w- c:\programdata\Partner\partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-02-17 39408]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-01-10 3362336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-18 304496]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-17 2513472]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-25 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TANU"="c:\program files\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-04 30192]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-01-10 3362336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-24 21:50 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-17 23:04]
.
2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-17 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.43.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AVG-Secure-Search-Update_0214c - c:\users\jenwemp\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
SafeBoot-80054490.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-26 13:03
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Fitbit Connect\FitbitConnectService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\msiexec.exe
c:\program files\TOSHIBA\RSelect\RSelSvc.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\TECO\TecoService.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\windows\system32\rundll32.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-02-26 13:07:32 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-26 21:07
.
Pre-Run: 224,804,626,432 bytes free
Post-Run: 224,661,504,000 bytes free
.
- - End Of File - - 3419D094F913913EDF6C4DDD13C46324
5B5E648D12FCADC244C1EC30318E1EB9

SystemLook 30.07.11 by jpshortstuff
Log created at 07:26 on 26/02/2014 by jenwemp
Administrator - Elevation successful

========== dir ==========

c:\users\wangzhisong - Parameters: "/s"

---Files---
None found.

c:\users\wangzhisong\AppData d----c- [22:31 16/12/2013]

c:\users\wangzhisong\AppData\Local d----c- [22:31 16/12/2013]

c:\users\wangzhisong\AppData\Local\Mobogenie d----c- [22:31 16/12/2013]

c:\users\wangzhisong\AppData\Local\Mobogenie\Download d----c- [22:31 16/12/2013]

c:\users\wangzhisong\AppData\Local\Mobogenie\Download\Apk d----c- [22:31 16/12/2013]

c:\users\wangzhisong\AppData\Local\Mobogenie\Download\Music d----c- [22:31 16/12/2013]

c:\users\wangzhisong\AppData\Local\Mobogenie\Download\Picture d----c- [22:31 16/12/2013]

c:\users\wangzhisong\AppData\Local\Mobogenie\Download\Video d----c- [22:31 16/12/2013]

-= EOF =-


Edited by Oh My, 26 February 2014 - 05:35 PM.


#14 jenwemp


Posted 26 February 2014 - 04:48 PM

Here is Part 1 of the TDSSKiller Log



#15 jenwemp


Posted 26 February 2014 - 04:50 PM

  •   TDSSKiller.3.0.0.23_26.02.2014_07.34.02_log_pt_2.zip

    Upload Skipped (This file was too big to upload)

Attach Files     You can upload up to 118.14KB of files (Max. single file size: 118.14KB)

Trouble uploading? Try our basic upl

 

 

Gary,

So I'm actually not able to upload the 2nd half of the TDSSKiller log. I had split it into 2 parts, and zipped both, but the size limitation for files I can upload keeps shrinking





