Computer is very, very slow and internet crashes frequently

bandcclare (Thread Starter; Joined: Jan 13, 2013; Messages: 1)
My computer is only 6 months old and I'm already having crashing and freezing problems. It takes about 7-8 minutes to boot up.

1. Copy and paste the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:20:08 PM, on 1/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Price Check by AOL - {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://yourconferencing.webex.com/client/T27L10NSP21EP5/webex/ieatgpc1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Anti-Theft (NAT) - Symantec Corporation - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11727 bytes

2. Copy and paste the contents of the dds.txt file.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Caroline at 15:21:19 on 2013-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3681.2123 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.toshiba.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Price Check by AOL: {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://yourconferencing.webex.com/client/T27L10NSP21EP5/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{27B7D16E-7F1A-4410-90C4-958989EFB8E0} : DHCPNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{27B7D16E-7F1A-4410-90C4-958989EFB8E0}\44D2C496E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{27B7D16E-7F1A-4410-90C4-958989EFB8E0}\84543434F5055726C69636F575962756C6563737 : DHCPNameServer = 10.20.10.6 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-10-2 30568]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\0106000.011\ccSetx64.sys [2012-10-11 168096]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-5-22 235520]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe [2012-10-11 143928]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe [2012-10-29 143928]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-8-11 131512]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-5-22 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2012-2-9 295360]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-5-22 95248]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2013-1-10 1384608]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1402000.013\ccsetx64.sys [2012-10-29 168096]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-5-22 9216]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130113.001\IDSviA64.sys [2013-1-13 513184]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-5-22 38096]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-5-22 313448]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-22 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-5-22 1145448]
R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1402000.013\symds64.sys [2012-10-29 493216]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1402000.013\symefa64.sys [2012-10-29 1133216]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1402000.013\ironx64.sys [2012-10-29 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1402000.013\symnets.sys [2012-10-29 432800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-5-22 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2012-2-24 138152]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-10 23:39:21 750592 ----a-w- C:\windows\System32\win32spl.dll
2013-01-10 23:39:21 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-01-10 23:39:03 2002432 ----a-w- C:\windows\System32\msxml6.dll
2013-01-10 23:39:03 1882624 ----a-w- C:\windows\System32\msxml3.dll
2013-01-10 23:39:03 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2013-01-10 23:39:03 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-01-10 23:39:02 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-01-10 23:39:01 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-01-10 23:39:00 800768 ----a-w- C:\windows\System32\usp10.dll
2013-01-10 23:39:00 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2013-01-10 23:33:51 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-12-28 14:39:21 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-28 14:39:21 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-28 14:39:18 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-28 14:39:18 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-10 23:53:11 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 23:53:11 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-08 23:57:14 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
.
============= FINISH: 15:22:05.43 ===============


3. Copy and paste the attach.txt file. There is no need to zip and attach it as suggested in the DDS instructions.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2012 12:05:09 PM
System Uptime: 1/13/2013 2:43:31 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics | Socket FT1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 235.621 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 466 GiB total, 429.84 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP29: 11/14/2012 8:47:35 PM - Scheduled Checkpoint
RP30: 11/17/2012 7:12:41 AM - Windows Update
RP31: 11/28/2012 5:00:28 AM - Windows Update
RP32: 12/12/2012 8:56:09 PM - Windows Update
RP33: 12/13/2012 3:58:10 PM - Windows Update
RP34: 12/28/2012 9:36:08 AM - Windows Update
RP35: 1/10/2013 9:10:12 PM - Windows Update
RP36: 1/13/2013 1:08:28 PM - Windows Backup
RP37: 1/13/2013 2:06:15 PM - Windows Backup
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Amazon Links
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Software Update
AVG Security Toolbar
Bejeweled 3
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Download Updater (AOL Inc.)
FATE
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Letters from Nowhere 2
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Store Download Manager
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Norton Anti-Theft
Norton Internet Security
Norton PC Checkup
Penguins!
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Price Check by AOL
PS_AIO_07_D110_SW_Min
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype™ 5.10
Snagit 11
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Audio Enhancement
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
Toshiba Security Dashboard
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA User's Guide
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Installer for WildTangent Games App
WebEx
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

4. Copy and paste the contents of the ark.txt file
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-17 02:28:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MQ01ABD032 rev.AX002M 298.09GB
Running: dh5ynn2f.exe; Driver: C:\Users\Caroline\AppData\Local\Temp\uxdyrkod.sys

---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e31401 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e31419 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e31431 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e3144a 2 bytes [E3, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e314dd 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e314f5 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e3150d 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e31525 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e3153d 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e31555 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e3156d 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e31585 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e3159d 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e315b5 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e315cd 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e316b2 2 bytes [E3, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1128] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e316bd 2 bytes [E3, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076c62da4 5 bytes JMP 000000016b599eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c7cbf3 5 bytes JMP 000000016b6e8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c7cfca 5 bytes JMP 000000016b4f1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c9cb0c 5 bytes JMP 000000016b6e8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c9ce64 5 bytes JMP 000000016b6e901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cafbd1 5 bytes JMP 000000016b6e8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cafc9d 5 bytes JMP 000000016b6e8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076cafcd6 5 bytes JMP 000000016b6e8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076cafcfa 5 bytes JMP 000000016b6e8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4660] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000772593ec 5 bytes JMP 000000016b6e91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df25fd 6 bytes JMP 000000016b5b8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02a63 6 bytes JMP 000000016b559805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\kernel32.dll!CreateThread 0000000076fb34b5 5 bytes JMP 000000016b5575db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076c58a29 5 bytes JMP 000000016b5c03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateWindowExA 0000000076c5d22e 5 bytes JMP 000000016b56363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!GetKeyState 0000000076c6291f 5 bytes JMP 000000016b53ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076c62da4 5 bytes JMP 000000016b599eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CallNextHookEx 0000000076c66285 5 bytes JMP 000000016b5b7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c67603 5 bytes JMP 000000016b5925ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076c6b029 5 bytes JMP 000000016b6e9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076c6c63e 5 bytes JMP 000000016b6e9390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!IsDialogMessage 0000000076c750ed 5 bytes JMP 000000016b6e9a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076c75246 5 bytes JMP 000000016b6e92e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!EndDialog 0000000076c7b99c 5 bytes JMP 000000016b6e9d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!IsDialogMessageW 0000000076c7c701 5 bytes JMP 000000016b6e9a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c7cbf3 5 bytes JMP 000000016b6e8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c7cfca 5 bytes JMP 000000016b4f1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076c7eb96 3 bytes JMP 000000016b53ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!GetAsyncKeyState + 4 0000000076c7eb9a 1 byte [F4]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c7f52b 5 bytes JMP 000000016b5ded00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SendInput 0000000076c7ff4a 5 bytes JMP 000000016b6ea2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!CreateDialogParamW 0000000076c810dc 5 bytes JMP 000000016b6e9320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SetKeyboardState 0000000076c814b2 5 bytes JMP 000000016b6ea341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076c99cfd 5 bytes JMP 000000016b6ea3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c9cb0c 5 bytes JMP 000000016b6e8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c9ce64 5 bytes JMP 000000016b6e901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cafbd1 5 bytes JMP 000000016b6e8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cafc9d 5 bytes JMP 000000016b6e8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076cafcd6 5 bytes JMP 000000016b6e8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076cafcfa 5 bytes JMP 000000016b6e8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4712] C:\windows\syswow64\USER32.dll!keybd_event 0000000076cb02bf 5 bytes JMP 000000016b6ea2a6
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ddfc90 5 bytes JMP 000000010011091c
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ddfdf4 5 bytes JMP 0000000100110048
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077ddfe88 5 bytes JMP 00000001001102ee
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ddffe4 5 bytes JMP 00000001001104b2
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077de0018 5 bytes JMP 00000001001109fe
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077de0048 5 bytes JMP 0000000100110ae0
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077de0064 5 bytes JMP 000000010002004c
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077de077c 5 bytes JMP 000000010011012a
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077de086c 5 bytes JMP 0000000100110758
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077de0884 5 bytes JMP 0000000100110676
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077de0dd4 5 bytes JMP 00000001001103d0
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077de1900 5 bytes JMP 0000000100110594
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077de1bc4 5 bytes JMP 000000010011083a
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077de1d50 5 bytes JMP 000000010011020c
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ca1492 7 bytes JMP 000000010012059e
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e31401 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e31419 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e31431 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e3144a 2 bytes [E3, 76]
.text ... * 9
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e314dd 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e314f5 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e3150d 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e31525 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e3153d 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e31555 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e3156d 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e31585 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e3159d 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e315b5 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e315cd 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e316b2 2 bytes [E3, 76]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4684] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e316bd 2 bytes [E3, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df25fd 6 bytes JMP 000000016b5b8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02a63 6 bytes JMP 000000016b559805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\kernel32.dll!CreateThread 0000000076fb34b5 5 bytes JMP 000000016b5575db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076c58a29 5 bytes JMP 000000016b5c03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateWindowExA 0000000076c5d22e 5 bytes JMP 000000016b56363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!GetKeyState 0000000076c6291f 5 bytes JMP 000000016b53ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076c62da4 5 bytes JMP 000000016b599eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CallNextHookEx 0000000076c66285 5 bytes JMP 000000016b5b7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c67603 5 bytes JMP 000000016b5925ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076c6b029 5 bytes JMP 000000016b6e9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076c6c63e 5 bytes JMP 000000016b6e9390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!IsDialogMessage 0000000076c750ed 5 bytes JMP 000000016b6e9a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076c75246 5 bytes JMP 000000016b6e92e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!EndDialog 0000000076c7b99c 5 bytes JMP 000000016b6e9d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!IsDialogMessageW 0000000076c7c701 5 bytes JMP 000000016b6e9a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c7cbf3 5 bytes JMP 000000016b6e8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c7cfca 5 bytes JMP 000000016b4f1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076c7eb96 3 bytes JMP 000000016b53ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!GetAsyncKeyState + 4 0000000076c7eb9a 1 byte [F4]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c7f52b 5 bytes JMP 000000016b5ded00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SendInput 0000000076c7ff4a 5 bytes JMP 000000016b6ea2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!CreateDialogParamW 0000000076c810dc 5 bytes JMP 000000016b6e9320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SetKeyboardState 0000000076c814b2 5 bytes JMP 000000016b6ea341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076c99cfd 5 bytes JMP 000000016b6ea3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076c9cb0c 5 bytes JMP 000000016b6e8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076c9ce64 5 bytes JMP 000000016b6e901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cafbd1 5 bytes JMP 000000016b6e8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cafc9d 5 bytes JMP 000000016b6e8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076cafcd6 5 bytes JMP 000000016b6e8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076cafcfa 5 bytes JMP 000000016b6e8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\USER32.dll!keybd_event 0000000076cb02bf 5 bytes JMP 000000016b6ea2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\ole32.dll!OleLoadFromStream 0000000076e46143 5 bytes JMP 000000016b6e9784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 00000000771f3e59 5 bytes JMP 000000016b6e987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!VariantClear 00000000771f3eae 5 bytes JMP 000000016b6e98fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000771f4731 5 bytes JMP 000000016b6e97ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000771f5dee 5 bytes JMP 000000016b6e989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000772593ec 5 bytes JMP 000000016b6e91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000727d388e 5 bytes JMP 000000016b6e9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072877922 5 bytes JMP 000000016b6e9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\comdlg32.dll!PrintDlgW 0000000075c333a3 5 bytes JMP 000000016b6e946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075c42694 5 bytes JMP 000000016b6e93c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2480] C:\windows\syswow64\comdlg32.dll!PrintDlgA 0000000075c4e8ff 5 bytes JMP 000000016b6e9538
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ddfc90 5 bytes JMP 00000001001d091c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ddfdf4 5 bytes JMP 00000001001d0048
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077ddfe88 5 bytes JMP 00000001001d02ee
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ddffe4 5 bytes JMP 00000001001d04b2
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077de0018 5 bytes JMP 00000001001d09fe
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077de0048 5 bytes JMP 00000001001d0ae0
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077de0064 5 bytes JMP 000000010003004c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077de077c 5 bytes JMP 00000001001d012a
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077de086c 5 bytes JMP 00000001001d0758
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077de0884 5 bytes JMP 00000001001d0676
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077de0dd4 5 bytes JMP 00000001001d03d0
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077de1900 5 bytes JMP 00000001001d0594
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077de1bc4 5 bytes JMP 00000001001d083a
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077de1d50 5 bytes JMP 00000001001d020c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ca1492 7 bytes JMP 00000001001e04bc
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000774a524f 7 bytes JMP 00000001001d0f52
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000774a53d0 7 bytes JMP 00000001001e0210
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000774a5677 1 byte JMP 00000001001e0048
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000774a5679 5 bytes {JMP 0xffffffff88d3a9d1}
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000774a589a 7 bytes JMP 00000001001d0ca6
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000774a5a1d 7 bytes JMP 00000001001e03d8
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000774a5c9b 7 bytes JMP 00000001001e012c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000774a5d87 7 bytes JMP 00000001001e02f4
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe[3508] C:\windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000774a7240 7 bytes JMP 00000001001d0e6e
? C:\windows\system32\mssprxy.dll [4216] entry point in ".rdata" section 0000000074ee71e6
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ddfc90 5 bytes JMP 000000010028091c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ddfdf4 5 bytes JMP 0000000100280048
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077ddfe88 5 bytes JMP 00000001002802ee
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077ddffe4 5 bytes JMP 00000001002804b2
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077de0018 5 bytes JMP 00000001002809fe
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077de0048 5 bytes JMP 0000000100280ae0
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077de0064 5 bytes JMP 000000010002004c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077de077c 5 bytes JMP 000000010028012a
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077de086c 5 bytes JMP 0000000100280758
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077de0884 5 bytes JMP 0000000100280676
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077de0dd4 5 bytes JMP 00000001002803d0
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077de1900 5 bytes JMP 0000000100280594
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077de1bc4 5 bytes JMP 000000010028083a
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077de1d50 5 bytes JMP 000000010028020c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000774a524f 7 bytes JMP 0000000100280f52
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000774a53d0 7 bytes JMP 0000000100290210
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000774a5677 1 byte JMP 0000000100290048
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000774a5679 5 bytes {JMP 0xffffffff88dea9d1}
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000774a589a 7 bytes JMP 0000000100280ca6
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000774a5a1d 7 bytes JMP 00000001002903d8
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000774a5c9b 7 bytes JMP 000000010029012c
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000774a5d87 7 bytes JMP 00000001002902f4
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000774a7240 7 bytes JMP 0000000100280e6e
.text C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe[5232] C:\windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ca1492 7 bytes JMP 00000001002904bc
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [4032:5048] 0000000071d4a3e0
Thread C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe [4684:4408] 0000000000020060
Thread C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIB2Z6X9\HijackThis.exe [3508:3640] 0000000000030060
Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4676:1956] 0000000000020060
Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4468:4948] 0000000000030060
Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [5384:5612] 0000000000020060
Thread C:\Program Files (x86)\Google\Update\Install\{09209A1E-9614-4E32-ABBB-13D5BF70C684}\24.0.1312.52_23.0.1271.97_chrome_updater.exe [5240:5368] 0000000000020060
Thread C:\windows\TEMP\CR_C5C1F.tmp\setup.exe [3576:1080] 0000000000020060
Thread C:\Users\Caroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4EY4VRY\dh5ynn2f.exe [5232:5752] 0000000000020060
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [4032] 0000000071560000
Library C:\windows\TEMP\CR_C5C1F.tmp\setup.exe (*** suspicious ***) @ C:\windows\TEMP\CR_C5C1F.tmp\setup.exe [3576] 0000000000c90000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}\[email protected] isatap.{7112DC61-31B1-4B67-A696-600D1998BFEF}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{471110ED-6A05-491D-A91E-5E268B6E2D5E}?\Device\{79815809-60A6-4CC7-9728-B130EB369237}?\Device\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}?\Device\{80D8BF29-C3CA-477B-8AD2-80A216FD117B}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{471110ED-6A05-491D-A91E-5E268B6E2D5E}"?"{79815809-60A6-4CC7-9728-B130EB369237}"?"{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}"?"{80D8BF29-C3CA-477B-8AD2-80A216FD117B}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{471110ED-6A05-491D-A91E-5E268B6E2D5E}?\Device\TCPIP6TUNNEL_{79815809-60A6-4CC7-9728-B130EB369237}?\Device\TCPIP6TUNNEL_{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}?\Device\TCPIP6TUNNEL_{80D8BF29-C3CA-477B-8AD2-80A216FD117B}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}@InterfaceName isatap.{7112DC61-31B1-4B67-A696-600D1998BFEF}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{94643BF6-08FC-48FE-9C68-F1CC4EB066F7}@ReusableType 0
---- EOF - GMER 2.0 ----
 