Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop running very slow!

Started by Luimichiamadea , Mar 29 2012 07:03 AM

  • Please log in to reply

#1
Luimichiamadea
Posted 29 March 2012 - 07:03 AM

Luimichiamadea

    New Member

  • Member
  • Pip
  • 9 posts
Hi There,

My computer is running a lot slower than usual and I believe I have a virus. I have windows 7 and my laptop is a Toshiba. Can someone please help me?

OTL logfile created on: 3/29/2012 7:38:12 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Courtnie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 53.44% Memory free
5.49 Gb Paging File | 3.89 Gb Available in Paging File | 70.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.63 Gb Total Space | 243.30 Gb Free Space | 84.59% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: COURTNIE-PC | User Name: Courtnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 17:26:50 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/12/10 15:31:02 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/10/01 20:06:21 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Courtnie\Desktop\OTL.exe
PRC - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/07/06 21:06:36 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files (x86)\McAfee.com\Agent\Mcdetect.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/10 15:31:02 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 21:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/15 12:02:34 | 000,111,872 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/10/15 12:02:02 | 000,124,160 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2005/07/12 13:43:04 | 000,121,344 | ---- | M] (McAfee, Inc) [Auto | Stopped] -- c:\Program Files (x86)\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/06 21:06:36 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files (x86)\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/21 21:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 21:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 23:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/08/26 22:02:53 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 19:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 19:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/10/15 11:58:34 | 000,202,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2008/10/15 11:58:34 | 000,198,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2008/10/15 11:58:26 | 000,247,808 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/10/15 11:56:10 | 000,043,032 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/02/13 12:28:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/13 12:28:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/19 15:05:22 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100920.033\EX64.SYS -- (NAVEX15)
DRV - [2010/09/19 15:05:22 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100920.033\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 17:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/06/16 20:54:12 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100917.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/10/15 11:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Courtnie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011/09/18 17:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2012/03/29 07:02:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Anti-Phishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files (x86)\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [MCAFInstaller_screm.ui] C:\Program Files (x86)\McAfee.com\Shared\mcappins.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files (x86)\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MSKAgentExe] C:\PROGRA~2\McAfee\SPAMKI~1\MSKAgent.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files (x86)\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKServerExe] C:\Program Files (x86)\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files (x86)\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69D6C2D5-C6AC-48A9-A2FA-B217C0500E76}: DhcpNameServer = 10.5.1.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77C11788-14D8-4CCF-8F75-B3D7AB10200E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5470b92d-d259-11df-8685-00266c59af03}\Shell - "" = AutoRun
O33 - MountPoints2\{5470b92d-d259-11df-8685-00266c59af03}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 07:33:38 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\ElevatedDiagnostics
[2012/03/07 23:27:40 | 000,000,000 | ---D | C] -- C:\de21791ca92ede68196e98a106828d
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/29 07:10:07 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 07:10:07 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 07:06:50 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/29 07:06:50 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/29 07:06:50 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/29 07:04:33 | 000,002,413 | ---- | M] () -- C:\windows\SysWow64\lgAxconfig.ini
[2012/03/29 07:04:08 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/29 07:02:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/29 07:02:02 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 21:44:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/21 19:32:02 | 000,001,452 | ---- | M] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 10:40:33 | 000,343,776 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/20 09:38:24 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/03/20 09:38:23 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/21 19:31:59 | 000,001,424 | ---- | C] () -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/20 09:38:24 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/03/20 09:38:23 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/12/17 03:43:18 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/09/19 13:13:49 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2011/09/19 13:13:49 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2010/08/29 14:26:55 | 000,001,784 | ---- | C] () -- C:\Users\Courtnie\AppData\Roaming\wklnhst.dat
[2010/06/23 13:59:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/06/23 13:56:53 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/10/15 11:58:34 | 000,028,808 | ---- | C] () -- C:\windows\SysWow64\drivers\swmsflt.sys

========== LOP Check ==========

[2010/10/08 15:29:53 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Sierra Wireless
[2010/08/29 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Template
[2010/09/19 14:35:54 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Tific
[2010/08/30 21:06:53 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Toshiba
[2011/01/05 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Walgreens
[2010/08/26 22:05:06 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\WildTangent
[2010/08/26 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\WildTangentv1002
[2010/08/26 21:49:47 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\WinBatch
[2010/12/05 08:45:22 | 000,032,638 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thanks,

Luimichiamadea
  • 0

Advertisements

#2
Luimichiamadea
Posted 03 April 2012 - 12:44 PM

Luimichiamadea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
http://www.geekstogo..._1#entry2139113

Hi there,

Above is the link to my origianl post and log. I'm not computer savvy and really would like a resolution to my problem. My computer is moving at an incredibly slow rate and my internet cuts out and reboots on certain websites i.e. Yahoo, facebook, etc. Any help would be greatly appreciated.


Thanks,

Luimichiamadea
  • 0

#3
Gammo
Posted 07 April 2012 - 09:03 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#4
Luimichiamadea
Posted 18 April 2012 - 01:35 AM

Luimichiamadea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 4/18/2012 2:21:20 AM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Courtnie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 46.20% Memory free
5.49 Gb Paging File | 3.72 Gb Available in Paging File | 67.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.63 Gb Total Space | 239.72 Gb Free Space | 83.34% Space Free | Partition Type: NTFS
Drive D: | 132.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COURTNIE-PC | User Name: Courtnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 21:05:00 | 000,383,704 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2012/03/07 17:26:50 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/03/07 00:36:32 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/04 08:43:47 | 001,693,120 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Searchcore Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/12/10 15:31:02 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/10/01 20:06:21 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Courtnie\Desktop\OTL.exe
PRC - [2011/09/20 15:52:58 | 000,245,608 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
PRC - [2011/09/01 19:18:54 | 004,862,384 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
PRC - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2009/08/10 00:30:54 | 000,529,256 | ---- | M] (Toshiba) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/07/06 21:06:36 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files (x86)\McAfee.com\Agent\Mcdetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/20 09:41:20 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/03/20 09:41:13 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/03/20 09:40:48 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/03/20 09:40:43 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/03/20 09:40:40 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/12 23:54:05 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/02 21:05:00 | 000,383,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2011/12/10 15:31:02 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 21:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/15 12:02:34 | 000,111,872 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/10/15 12:02:02 | 000,124,160 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2005/07/12 13:43:04 | 000,121,344 | ---- | M] (McAfee, Inc) [Auto | Stopped] -- c:\Program Files (x86)\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/06 21:06:36 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files (x86)\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/08/21 21:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 21:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 23:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/08/26 22:02:53 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 19:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 19:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/10/15 11:58:34 | 000,202,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2008/10/15 11:58:34 | 000,198,408 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2008/10/15 11:58:26 | 000,247,808 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/10/15 11:56:10 | 000,043,032 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/02/13 12:28:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/13 12:28:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/22 09:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2010/09/19 15:05:22 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100920.033\EX64.SYS -- (NAVEX15)
DRV - [2010/09/19 15:05:22 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100920.033\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 17:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/06/16 20:54:12 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100917.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/10/15 11:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...?babsrc=HP_Prot
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Courtnie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011/09/18 17:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2012/04/18 02:17:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\x64\BrowserConnection.dll (Discordia , LTD)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (McAfee Anti-Phishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files (x86)\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\BrowserConnection.dll (Discordia , LTD)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchcore Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MCAFInstaller_screm.ui] C:\Program Files (x86)\McAfee.com\Shared\mcappins.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCAgentExe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files (x86)\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MSKAgentExe] C:\PROGRA~2\McAfee\SPAMKI~1\MSKAgent.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files (x86)\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKServerExe] C:\Program Files (x86)\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001..\Run: [EPSON NX430 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\Courtnie\AppData\Local\Temp\E_SF8BD.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Courtnie\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files (x86)\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69D6C2D5-C6AC-48A9-A2FA-B217C0500E76}: DhcpNameServer = 10.5.1.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77C11788-14D8-4CCF-8F75-B3D7AB10200E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) -C:\Program Files (x86)\Searchcore Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) -C:\Program Files (x86)\Searchcore Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/17 21:58:36 | 000,000,041 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5470b92d-d259-11df-8685-00266c59af03}\Shell - "" = AutoRun
O33 - MountPoints2\{5470b92d-d259-11df-8685-00266c59af03}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{55d59737-7ef6-11df-880c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55d59737-7ef6-11df-880c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2009/01/04 07:17:24 | 000,377,648 | R--- | M] (EPSON America Inc.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 15:14:40 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012/04/03 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Leader Technologies
[2012/04/03 15:13:50 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Epson
[2012/04/02 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/04/02 21:05:39 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\PerformerSoft
[2012/04/02 21:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Performer
[2012/04/02 21:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Performer
[2012/04/02 21:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchcore Toolbar
[2012/04/02 21:05:13 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
[2012/04/02 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpecialSavings
[2012/04/02 21:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/04/02 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\SumatraPDF
[2012/04/02 19:36:55 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2012/04/02 19:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2012/04/02 19:36:50 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) -- C:\windows\ExentInfo.exe
[2012/04/02 19:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Ride Games
[2012/04/02 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\I Want This
[2012/04/02 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I Want This
[2012/04/02 19:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/04/02 19:36:03 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\Babylon
[2012/04/02 19:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxTabPDFReader
[2012/04/02 19:36:02 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Babylon
[2012/04/02 19:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/04/02 18:40:09 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Leadertech
[2012/04/02 18:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/04/02 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTCM Client
[2012/04/02 18:30:15 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2012/04/02 18:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2012/04/02 18:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2012/04/02 18:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/04/02 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/04/02 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/04/02 18:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/04/02 18:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/03/31 14:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/03/30 19:42:00 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Wondershare
[2012/03/30 19:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/03/30 19:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/03/30 19:21:19 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\Documents\bitpim
[2012/03/30 19:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitPim
[2012/03/30 19:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitPim
[2012/03/30 01:44:50 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Temp
[2012/03/30 01:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/03/30 01:39:09 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
[2012/03/30 01:20:07 | 000,000,000 | ---D | C] -- C:\Temp
[2012/03/29 23:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012/03/29 23:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2012/03/29 23:51:30 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\Documents\SelfMV
[2012/03/29 23:46:37 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\Samsung
[2012/03/29 23:46:28 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Samsung
[2012/03/29 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\Documents\samsung
[2012/03/29 23:43:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
[2012/03/29 23:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/03/29 23:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/03/29 23:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/03/29 23:41:00 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\Downloaded Installations
[2012/03/29 07:33:38 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\ElevatedDiagnostics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 02:26:55 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 02:26:54 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 02:18:17 | 000,001,224 | ---- | M] () -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/04/18 02:17:45 | 000,002,413 | ---- | M] () -- C:\windows\SysWow64\lgAxconfig.ini
[2012/04/18 02:16:49 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/18 02:16:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/18 02:16:28 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 11:44:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/13 09:28:59 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/13 09:28:59 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/13 09:28:59 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/04 22:01:43 | 000,000,306 | ---- | M] () -- C:\windows\tasks\DriverPerformer_UPDATES.job
[2012/04/03 15:33:35 | 000,000,000 | ---- | M] () -- C:\windows\EEventManager.INI
[2012/04/03 15:15:58 | 000,002,011 | ---- | M] () -- C:\Users\Courtnie\Desktop\Play 10 Talismans.lnk
[2012/04/02 21:09:53 | 000,001,145 | ---- | M] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/04/02 21:09:52 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/04/02 21:05:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Driver Performer.lnk
[2012/04/02 19:53:37 | 000,000,071 | ---- | M] () -- C:\windows\ENX430.ini
[2012/04/02 19:37:01 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2012/04/02 19:36:56 | 000,000,064 | ---- | M] () -- C:\windows\GPlrLanc.dat
[2012/04/02 19:36:09 | 000,001,491 | ---- | M] () -- C:\user.js
[2012/04/02 19:36:03 | 000,001,083 | ---- | M] () -- C:\Users\Courtnie\Desktop\FoxTab PDF Reader.lnk
[2012/04/02 18:56:16 | 000,051,377 | ---- | M] () -- C:\Users\Courtnie\Documents\Justin practice pic.xps
[2012/04/02 18:36:32 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Epson Stylus NX430 User's Guide.lnk
[2012/04/02 18:26:33 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/03/30 19:40:43 | 000,002,183 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2012/03/30 19:40:43 | 000,002,100 | ---- | M] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\MobileGo.lnk
[2012/03/30 19:40:42 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare MobileGo.lnk
[2012/03/30 01:39:47 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/30 01:39:41 | 000,001,992 | ---- | M] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/03/21 19:32:02 | 000,001,452 | ---- | M] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 10:40:33 | 000,343,776 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/20 09:38:24 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/03/20 09:38:23 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/03 15:33:35 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2012/04/03 15:14:43 | 000,002,011 | ---- | C] () -- C:\Users\Courtnie\Desktop\Play 10 Talismans.lnk
[2012/04/02 21:09:52 | 000,001,145 | ---- | C] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/04/02 21:09:52 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/04/02 21:05:48 | 000,000,306 | ---- | C] () -- C:\windows\tasks\DriverPerformer_UPDATES.job
[2012/04/02 21:05:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Driver Performer.lnk
[2012/04/02 19:53:32 | 000,001,224 | ---- | C] () -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/04/02 19:37:00 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2012/04/02 19:36:56 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2012/04/02 19:36:06 | 000,001,491 | ---- | C] () -- C:\user.js
[2012/04/02 19:36:02 | 000,001,083 | ---- | C] () -- C:\Users\Courtnie\Desktop\FoxTab PDF Reader.lnk
[2012/04/02 18:54:04 | 000,051,377 | ---- | C] () -- C:\Users\Courtnie\Documents\Justin practice pic.xps
[2012/04/02 18:36:37 | 000,001,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2012/04/02 18:36:31 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Epson Stylus NX430 User's Guide.lnk
[2012/04/02 18:26:33 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/04/02 18:23:45 | 000,000,071 | ---- | C] () -- C:\windows\ENX430.ini
[2012/03/30 19:40:43 | 000,002,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2012/03/30 19:40:42 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare MobileGo.lnk
[2012/03/30 19:40:42 | 000,002,100 | ---- | C] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\MobileGo.lnk
[2012/03/30 01:39:47 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/30 01:39:40 | 000,001,992 | ---- | C] () -- C:\Users\Courtnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/03/21 19:31:59 | 000,001,424 | ---- | C] () -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/20 09:38:24 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/03/20 09:38:23 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/01/31 01:15:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/12/17 03:43:18 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/09/19 13:13:49 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2011/09/19 13:13:49 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2010/08/29 14:26:55 | 000,001,784 | ---- | C] () -- C:\Users\Courtnie\AppData\Roaming\wklnhst.dat
[2010/06/23 13:59:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/06/23 13:56:53 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/10/06 02:16:02 | 000,819,200 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/10/15 11:58:34 | 000,028,808 | ---- | C] () -- C:\windows\SysWow64\drivers\swmsflt.sys

========== LOP Check ==========

[2012/04/02 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Babylon
[2012/04/03 15:13:50 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Epson
[2012/04/03 15:13:52 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Leader Technologies
[2012/04/02 18:40:09 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Leadertech
[2012/04/02 21:05:39 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\PerformerSoft
[2012/03/30 01:37:32 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Samsung
[2010/10/08 15:29:53 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Sierra Wireless
[2012/04/02 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\SumatraPDF
[2012/03/30 01:44:50 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Temp
[2010/08/29 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Template
[2010/09/19 14:35:54 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Tific
[2010/08/30 21:06:53 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Toshiba
[2011/01/05 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Walgreens
[2010/08/26 22:05:06 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\WildTangent
[2010/08/26 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\WildTangentv1002
[2010/08/26 21:49:47 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\WinBatch
[2012/03/30 19:42:00 | 000,000,000 | ---D | M] -- C:\Users\Courtnie\AppData\Roaming\Wondershare
[2012/04/04 22:01:43 | 000,000,306 | ---- | M] () -- C:\windows\Tasks\DriverPerformer_UPDATES.job
[2010/12/05 08:45:22 | 000,032,638 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#5
Gammo
Posted 18 April 2012 - 09:38 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\S-1-5-21-3166450026-3839021513-1828503697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...?babsrc=HP_Prot
O2:64bit: - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\x64\BrowserConnection.dll (Discordia , LTD)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\BrowserConnection.dll (Discordia , LTD)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchcore Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchcore Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) -C:\Program Files (x86)\Searchcore Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) -C:\Program Files (x86)\Searchcore Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
[2012/04/02 21:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchcore Toolbar
[2012/04/02 21:05:13 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
[2012/04/02 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpecialSavings
[2012/04/02 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\I Want This
[2012/04/02 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I Want This
[2012/04/02 19:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/04/02 19:36:03 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Local\Babylon
[2012/04/02 19:36:02 | 000,000,000 | ---D | C] -- C:\Users\Courtnie\AppData\Roaming\Babylon
[2012/04/02 19:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP