ecoffey0310
2013-04-09, 22:05
Hello,
I have been having some issues with my laptop. First of all, I am pretty sure that I have some trojans and WORMs because before I switched to Spybot 2 (which has a different version of the start-tool) I had known (Peter Collins defined) trojans and WORMs being detected in my system start-up. AVG and Spybot were not detecting them. I know some of the detected start-up viruses were system.exe, svchost.exe, and jusched.exe (java updater). I am very concerned about the damage being done to my registry!
I am concerned about my computer's security and I think I may be dealing with some highjackers. I often found my laptop connected to many outside IP addresses when running netstat. I have a lot of issues when I use my firefox browser (which I would prefer to use!) so I switched to Internet Explorer for now. I'm afraid that malware is being planted on my PC when I use the internet or something along those lines.
I should mention that I did not have java on my laptop for awhile (just today I installed the newest version, which really helped my internet speed).
I would deeply apperciate any help with getting my laptop cleared of infection, I have been trying to do so for a long time and fear I may have only made it worse. Thank you!!!!
Here is my latest DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Elyse Coffey at 13:56:51 on 2013-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5557 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\windows\system32\prevhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\windows\explorer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22L3230005V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Elyse Coffey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\bluetooth manager.lnk.disabled
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3438EAB6-DBC6-4602-AE32-80EF0C4B3ED4} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\2375942554537353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\34F66666569784F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\37D64637D2075726C69636 : DHCPNameServer = 205.242.92.2 205.242.176.103
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\37D6624637 : DHCPNameServer = 192.168.1.9 192.168.1.20
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\7657E6E65627 : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Elyse Coffey\AppData\Roaming\Mozilla\Firefox\Profiles\dkn73i0x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={9ABB2ABB-A943-4183-92DC-1D7CE44DD4BE}&mid=8ec87ea3021647d1bf4439d3c977b8b4-7a766acbacc65ed45d4ac7882c8d76a78030248d&lang=en&ds=AVG&pr=fr&d=2013-04-02 14:53:03&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-02 14:53; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-4-2 39768]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-10-26 126392]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-5 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-5 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-5 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-26 2656280]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-3-29 990896]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-10-26 42096]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-26 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-26 250984]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-1-4 245760]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2010-4-21 176128]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-26 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2012-8-23 15712]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-26 54136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-18 30208]
S3 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
S4 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-09 18:14:45 963488 ----a-w- C:\windows\System32\deployJava1.dll
2013-04-09 18:14:44 1085344 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-04-09 18:14:37 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-04-07 20:17:23 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{8DC29C16-DD9D-4A13-9B21-D7D2D065D093}
2013-04-06 03:33:42 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2013-04-06 03:33:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-03 19:22:41 -------- d-----w- C:\Program Files\HitmanPro
2013-04-02 23:59:29 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2013-04-02 20:15:38 35192 ----a-w- C:\windows\System32\TURegOpt.exe
2013-04-02 20:15:38 26488 ----a-w- C:\windows\System32\authuitu.dll
2013-04-02 20:15:38 21880 ----a-w- C:\windows\SysWow64\authuitu.dll
2013-04-02 19:53:02 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-04-02 19:52:59 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-04-02 17:49:51 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-04-02 17:41:45 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD35C0AE-9FF4-49CE-AD3D-5C45D855C228}\mpengine.dll
2013-04-02 17:40:37 -------- d-----w- C:\Users\Elyse Coffey\AppData\Roaming\{90140011-0061-0409-0000-0000000FF1CE}
2013-04-02 05:32:27 -------- d-----w- C:\ProgramData\HitmanPro
2013-04-02 05:32:06 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\Conduit
2013-04-01 19:32:26 -------- d-----w- C:\ProgramData\ClubSanDisk
2013-04-01 19:05:22 -------- d-----w- C:\Users\Elyse Coffey\SkyDrive
2013-04-01 18:48:06 -------- dc----w- C:\Users\Elyse Coffey\AppData\Local\MigWiz
2013-04-01 09:05:14 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{E2115850-FA54-47CF-9400-FC520C3A227E}
2013-04-01 03:36:02 -------- d-----w- C:\Users\Elyse Coffey\AppData\Roaming\AVG2013
2013-04-01 03:33:45 -------- d--h--w- C:\$AVG
2013-04-01 03:33:45 -------- d-----w- C:\ProgramData\AVG2013
2013-04-01 03:31:59 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\Avg2013
2013-03-31 18:51:52 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{D3DBC0ED-9FB0-4909-86CB-7C04D31D4CD7}
2013-03-29 21:09:22 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\AVG SafeGuard toolbar
2013-03-29 21:09:14 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-03-29 21:09:07 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-03-29 20:00:37 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-03-29 20:00:12 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\Programs
2013-03-29 18:23:33 -------- d-----w- C:\ProgramData\Sophos
2013-03-28 19:47:57 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{90F8A157-97B9-479C-916B-FB72FC83F583}
2013-03-25 23:17:44 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{592F692B-1E17-40C7-AE9E-DDCF06526039}
2013-03-25 06:33:29 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{4FA91144-69D5-4815-BAC1-BD965CB60F3B}
2013-03-24 18:33:06 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{39BEB6A9-8BDA-4C5F-8588-67E87570AB87}
2013-03-24 02:34:47 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{9D176007-0A84-4738-B466-BA53B9922FF9}
2013-03-22 21:03:38 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{8874DE89-505D-4ED3-8D7E-873E5A308292}
2013-03-20 21:22:35 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{7340B0E1-9A08-4BB5-87B2-52426F01F0F2}
2013-03-20 09:22:12 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{D75AC0AF-8AB9-47FC-9CCC-09091C20094A}
2013-03-19 20:48:17 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{3FCC008C-5FD0-4DA2-B292-71A7E2AEB708}
2013-03-18 09:29:14 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{9489AA82-DE15-47FD-B6CA-6376F5CC950F}
2013-03-17 17:52:40 -------- d-----w- C:\Users\Elyse Coffey\AppData\Roaming\Canon_Inc_IC
2013-03-17 17:51:33 -------- d-----w- C:\Program Files (x86)\Canon
2013-03-17 17:51:29 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2013-03-17 17:39:20 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{453775A5-BE24-4DBB-A6EB-141448134F86}
2013-03-17 17:28:27 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2013-03-16 22:53:37 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{1BB50297-1F3A-41BE-8E92-6890D913DDF9}
2013-03-16 00:52:19 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{FFBE7C76-A8EF-4C1F-9FE1-EBB05AC50F4E}
2013-03-15 09:28:33 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{E50ACC50-4524-4F1E-9FA2-8F0ED2294C72}
2013-03-14 18:45:16 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{65E5D6C0-B4BB-4089-8DB5-C10F716727EA}
2013-03-14 06:42:00 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{CECAC11A-74EB-44FF-9D9F-CD60A8875AEF}
2013-03-13 18:41:49 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{7E98530F-7DDE-4234-97CA-7B05ECA8C526}
2013-03-13 06:22:03 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{68F9F13C-9965-4DFE-87C9-92739140429D}
.
==================== Find3M ====================
.
2013-04-09 18:26:05 15712 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2013-04-09 18:15:23 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-09 18:15:23 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-04-09 18:15:23 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-02-27 04:40:46 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-02-14 08:52:46 239416 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-08 09:37:56 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-02-08 09:37:54 311096 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-02-08 09:37:50 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-02-08 09:37:42 206136 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-02-08 09:37:40 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-02-02 06:57:02 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-02-02 06:38:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-01-17 06:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll
.
============= FINISH: 13:57:16.72 ===============
I have been having some issues with my laptop. First of all, I am pretty sure that I have some trojans and WORMs because before I switched to Spybot 2 (which has a different version of the start-tool) I had known (Peter Collins defined) trojans and WORMs being detected in my system start-up. AVG and Spybot were not detecting them. I know some of the detected start-up viruses were system.exe, svchost.exe, and jusched.exe (java updater). I am very concerned about the damage being done to my registry!
I am concerned about my computer's security and I think I may be dealing with some highjackers. I often found my laptop connected to many outside IP addresses when running netstat. I have a lot of issues when I use my firefox browser (which I would prefer to use!) so I switched to Internet Explorer for now. I'm afraid that malware is being planted on my PC when I use the internet or something along those lines.
I should mention that I did not have java on my laptop for awhile (just today I installed the newest version, which really helped my internet speed).
I would deeply apperciate any help with getting my laptop cleared of infection, I have been trying to do so for a long time and fear I may have only made it worse. Thank you!!!!
Here is my latest DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Elyse Coffey at 13:56:51 on 2013-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5557 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\windows\system32\prevhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\windows\explorer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22L3230005V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Elyse Coffey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\bluetooth manager.lnk.disabled
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3438EAB6-DBC6-4602-AE32-80EF0C4B3ED4} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\2375942554537353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\34F66666569784F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\37D64637D2075726C69636 : DHCPNameServer = 205.242.92.2 205.242.176.103
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\37D6624637 : DHCPNameServer = 192.168.1.9 192.168.1.20
TCP: Interfaces\{77947FA2-FABD-448F-BC89-C1868058F789}\7657E6E65627 : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Elyse Coffey\AppData\Roaming\Mozilla\Firefox\Profiles\dkn73i0x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={9ABB2ABB-A943-4183-92DC-1D7CE44DD4BE}&mid=8ec87ea3021647d1bf4439d3c977b8b4-7a766acbacc65ed45d4ac7882c8d76a78030248d&lang=en&ds=AVG&pr=fr&d=2013-04-02 14:53:03&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-02 14:53; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-4-2 39768]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-10-26 126392]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-5 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-5 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-5 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-26 2656280]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-3-29 990896]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-10-26 42096]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-26 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-26 250984]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-1-4 245760]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2010-4-21 176128]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-26 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2012-8-23 15712]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-26 54136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-18 30208]
S3 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
S4 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-09 18:14:45 963488 ----a-w- C:\windows\System32\deployJava1.dll
2013-04-09 18:14:44 1085344 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-04-09 18:14:37 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-04-07 20:17:23 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{8DC29C16-DD9D-4A13-9B21-D7D2D065D093}
2013-04-06 03:33:42 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2013-04-06 03:33:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-03 19:22:41 -------- d-----w- C:\Program Files\HitmanPro
2013-04-02 23:59:29 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2013-04-02 20:15:38 35192 ----a-w- C:\windows\System32\TURegOpt.exe
2013-04-02 20:15:38 26488 ----a-w- C:\windows\System32\authuitu.dll
2013-04-02 20:15:38 21880 ----a-w- C:\windows\SysWow64\authuitu.dll
2013-04-02 19:53:02 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-04-02 19:52:59 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-04-02 17:49:51 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-04-02 17:41:45 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD35C0AE-9FF4-49CE-AD3D-5C45D855C228}\mpengine.dll
2013-04-02 17:40:37 -------- d-----w- C:\Users\Elyse Coffey\AppData\Roaming\{90140011-0061-0409-0000-0000000FF1CE}
2013-04-02 05:32:27 -------- d-----w- C:\ProgramData\HitmanPro
2013-04-02 05:32:06 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\Conduit
2013-04-01 19:32:26 -------- d-----w- C:\ProgramData\ClubSanDisk
2013-04-01 19:05:22 -------- d-----w- C:\Users\Elyse Coffey\SkyDrive
2013-04-01 18:48:06 -------- dc----w- C:\Users\Elyse Coffey\AppData\Local\MigWiz
2013-04-01 09:05:14 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{E2115850-FA54-47CF-9400-FC520C3A227E}
2013-04-01 03:36:02 -------- d-----w- C:\Users\Elyse Coffey\AppData\Roaming\AVG2013
2013-04-01 03:33:45 -------- d--h--w- C:\$AVG
2013-04-01 03:33:45 -------- d-----w- C:\ProgramData\AVG2013
2013-04-01 03:31:59 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\Avg2013
2013-03-31 18:51:52 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{D3DBC0ED-9FB0-4909-86CB-7C04D31D4CD7}
2013-03-29 21:09:22 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\AVG SafeGuard toolbar
2013-03-29 21:09:14 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-03-29 21:09:07 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-03-29 20:00:37 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-03-29 20:00:12 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\Programs
2013-03-29 18:23:33 -------- d-----w- C:\ProgramData\Sophos
2013-03-28 19:47:57 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{90F8A157-97B9-479C-916B-FB72FC83F583}
2013-03-25 23:17:44 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{592F692B-1E17-40C7-AE9E-DDCF06526039}
2013-03-25 06:33:29 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{4FA91144-69D5-4815-BAC1-BD965CB60F3B}
2013-03-24 18:33:06 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{39BEB6A9-8BDA-4C5F-8588-67E87570AB87}
2013-03-24 02:34:47 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{9D176007-0A84-4738-B466-BA53B9922FF9}
2013-03-22 21:03:38 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{8874DE89-505D-4ED3-8D7E-873E5A308292}
2013-03-20 21:22:35 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{7340B0E1-9A08-4BB5-87B2-52426F01F0F2}
2013-03-20 09:22:12 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{D75AC0AF-8AB9-47FC-9CCC-09091C20094A}
2013-03-19 20:48:17 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{3FCC008C-5FD0-4DA2-B292-71A7E2AEB708}
2013-03-18 09:29:14 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{9489AA82-DE15-47FD-B6CA-6376F5CC950F}
2013-03-17 17:52:40 -------- d-----w- C:\Users\Elyse Coffey\AppData\Roaming\Canon_Inc_IC
2013-03-17 17:51:33 -------- d-----w- C:\Program Files (x86)\Canon
2013-03-17 17:51:29 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2013-03-17 17:39:20 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{453775A5-BE24-4DBB-A6EB-141448134F86}
2013-03-17 17:28:27 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2013-03-16 22:53:37 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{1BB50297-1F3A-41BE-8E92-6890D913DDF9}
2013-03-16 00:52:19 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{FFBE7C76-A8EF-4C1F-9FE1-EBB05AC50F4E}
2013-03-15 09:28:33 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{E50ACC50-4524-4F1E-9FA2-8F0ED2294C72}
2013-03-14 18:45:16 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{65E5D6C0-B4BB-4089-8DB5-C10F716727EA}
2013-03-14 06:42:00 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{CECAC11A-74EB-44FF-9D9F-CD60A8875AEF}
2013-03-13 18:41:49 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{7E98530F-7DDE-4234-97CA-7B05ECA8C526}
2013-03-13 06:22:03 -------- d-----w- C:\Users\Elyse Coffey\AppData\Local\{68F9F13C-9965-4DFE-87C9-92739140429D}
.
==================== Find3M ====================
.
2013-04-09 18:26:05 15712 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2013-04-09 18:15:23 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-09 18:15:23 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-04-09 18:15:23 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-02-27 04:40:46 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-02-14 08:52:46 239416 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-08 09:37:56 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-02-08 09:37:54 311096 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-02-08 09:37:50 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-02-08 09:37:42 206136 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-02-08 09:37:40 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-02-02 06:57:02 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-02-02 06:38:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-01-17 06:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll
.
============= FINISH: 13:57:16.72 ===============