TechSpot

Hit by the System Check virus

By funkymonky
Jan 22, 2012
  1. Hey guys, I need some help with getting rid of the System Check virus. I keep getting pop-ups saying the hard drive clusters are damaged, a bunch of my desktop icons have disappeared, and the computer is running slow overall. I went through the 5 steps on malware removal, and I'll put the logs in the next few posts. Any help is greatly appreciated, thanks!
     
  2. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    malware bytes log

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.19.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    ngan :: HELEN-PC [administrator]

    1/21/2012 4:51:22 PM
    mbam-log-2012-01-21 (16-51-22).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 420779
    Time elapsed: 3 hour(s), 28 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\ngan\AppData\Local\Temp\p9pl2206253129926039853.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.

    (end)
     
  3. funkymonky


    GMER log

    Not sure if I should run this one again

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-21 23:42:49
    Windows 6.0.6002 Service Pack 2
    Running: vh4cy0vp.exe; Driver: C:\Users\ngan\AppData\Local\Temp\awtoipow.sys


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB56859$\2926217320 0 bytes
    File C:\Windows\$NtUninstallKB56859$\3233291939 0 bytes
    File C:\Windows\$NtUninstallKB56859$\3233291939\L 0 bytes
    File C:\Windows\$NtUninstallKB56859$\3233291939\U 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. funkymonky


    DDS Log

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_22
    Run by ngan at 23:45:06 on 2012-01-21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.723 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\dlbkcoms.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Dell AIO Printer A920\DLBKbmgr.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\ProgramData\LQWxKGCKoVDdhWT.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\ProgramData\Bp26Blb39DVrGH.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\consent.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre2.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre2.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre2.dll
    TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Spotify] "c:\users\ngan\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
    uRun: [LQWxKGCKoVDdhWT.exe] c:\programdata\LQWxKGCKoVDdhWT.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [Skytel] Skytel.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [dlbkbmgr.exe] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0F334C34-DA0E-4CC7-9B30-DD2FF09902A1} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20111112
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ce5d87e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
    FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko5.dll
    FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko6.dll
    FF - component: c:\users\ngan\appdata\roaming\mozilla\firefox\profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\ngan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-5-6 20352]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 awtoipow;awtoipow;C:\awtoipow.sys [2012-1-21 100864]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca5cf69c6e592b;Google Update Service (gupdate1ca5cf69c6e592b);c:\program files\google\update\GoogleUpdate.exe [2009-11-3 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-3 133104]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-5-6 937984]
    S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-22 04:49:47 100864 ----a-w- C:\awtoipow.sys
    2012-01-22 00:53:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9182294-b989-4eab-9f41-4d85602575d8}\offreg.dll
    2012-01-22 00:45:45 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9182294-b989-4eab-9f41-4d85602575d8}\mpengine.dll
    2012-01-21 08:31:28 364262 ---ha-w- c:\programdata\Bp26Blb39DVrGH.exe
    2012-01-21 08:28:48 451302 ---ha-w- c:\programdata\LQWxKGCKoVDdhWT.exe
    2012-01-19 06:34:36 -------- d-----w- c:\windows\system32\cache
    2012-01-11 21:58:23 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 21:58:22 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 21:58:16 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 21:58:12 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 21:58:06 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 21:58:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-11 21:57:51 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 21:57:50 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-09 07:49:59 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-09 07:49:59 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-09 07:49:58 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-09 07:49:58 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-07 23:49:37 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2012-01-05 23:56:40 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-05 23:12:38 -------- d--h--w- c:\users\ngan\appdata\roaming\AVG2012
    2012-01-05 23:11:27 -------- d--h--w- c:\programdata\AVG Secure Search
    2012-01-05 23:11:14 -------- d-----w- c:\program files\AVG Secure Search
    2012-01-05 22:58:09 -------- d--h--w- c:\users\ngan\appdata\roaming\AVG
    .
    ==================== Find3M ====================
    .
    2012-01-19 00:21:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 23:46:55.35 ===============
     
  5. funkymonky


    And finally, the attach log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/6/2008 8:01:21 AM
    System Uptime: 1/21/2012 8:23:51 PM (3 hours ago)
    .
    Motherboard: TOSHIBA | | ISKAA
    Processor: Intel(R) Celeron(R) CPU 540 @ 1.86GHz | U2E1 | 1862/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 110 GiB total, 57.468 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    Atheros Wi-Fi Protected Setup Library
    AVG 2012
    BFlix Toolbar
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Canon iP1700
    Canon iP1700 User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Dell AIO Printer A920
    DivX Setup
    DVD MovieFactory for TOSHIBA
    Easy-WebPrint
    Facebook Plug-In
    Freecorder
    Freecorder Toolbar
    GearDrvs
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 22
    Linksys EasyLink Advisor
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Office Converter Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Organization Chart 2.0
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XML Parser
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360
    OGA Notifier 2.0.0048.0
    Pure Networks Platform
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Skype web features
    Skype™ 4.1
    Spotify
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Games
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Utility Common Driver
    VC80CRTRedist - 8.0.50727.4053
    Verizon FiOS Activation
    Verizon Help and Support Tool
    Vz In Home Agent
    WebEx Support Manager for Internet Explorer
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    Xvid 1.2.1 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/21/2012 8:32:06 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/21/2012 8:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
    1/21/2012 8:26:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/21/2012 8:26:04 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/21/2012 8:26:04 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/21/2012 8:26:04 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/21/2012 8:25:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/21/2012 5:57:35 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    1/21/2012 5:57:13 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    1/21/2012 4:47:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/21/2012 4:24:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/21/2012 2:15:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/21/2012 2:13:30 PM, Error: EventLog [6008] - The previous system shutdown at 12:44:34 AM on 1/21/2012 was unexpected.
    1/20/2012 3:41:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/20/2012 3:24:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/19/2012 1:32:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/19/2012 1:18:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/18/2012 6:33:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/18/2012 12:19:01 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B9EF26A52. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    .
    ==== End Of File ===========================
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help with the malware.

    But we need to address this first:
    AV: Microsoft Security Essentials *Enabled
    AV: AVG Internet Security 2012 *Enabled/
    FW: AVG Firewall *Enabled
    >>>>> ONE antivirus, ONE firewall<<<<<<<<<<<<
    Please remove one of these. Reboot when finished.
    Consider this: I will have you run Combofix later. It will not run with AVG on the system so AVG will need to be temporarily uninstalled. We provide you with 2 links from which to choose a temporary AV program. If AVG is your preference of the above, go ahead and uninstall MSE now and I will instruct you about AVG when we get there.
    ============================
    Please run the following- it will take away the attribute from the malware that makes the icons, programs, etc. seem missing:
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware itself so it is important that you continue.
    ===========================
    There are several very active malware infections that cause some of the same symptoms- but their fix is different. So I'd like you to go ahead with Combofix to help define which rogue is running. Ignore the alerts and error messages you are getting. They are 'invented' by the malware to try and trick you into buying a program to fix problems you don't have!
    ==========================
    To be on the safe side, do not use any cleaning program that removes the temporary files at this time.
    ===========================
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [screenshot]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes to continue scanning for malware.
    • If Combofix asks you to update the program, allow.
    • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ============================================
    Please paste the Combofix log into your next reply.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  7. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    thanks!

    sorry for the slow response, the computer is running at a snail's pace, but I'm downloading AppRemover right now to take off AVG. I'll download Combofix after that and keep you updated. Thanks again for your help!
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay. Close any other running programs that aren't being used> How much RAM is installed?

    Post logs when ready.
     
  9. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    MSE

    hmm, I turned off the real time protection on MSE, but ComboFix keeps saying that it's active and I need to "disable these scanners before clicking OK". Should I continue anyways? ComboFix only took up 4.18 MB, and the computer is already running faster :)
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Go ahead and bypass the warning and run the scan.

    I went looking for suggestions and found this on a TechNet forum:

    To disable Microsoft Security Essentials:
    An additional suggestion was:
    I am always amazed when someone asks how to disable security program that 30 people avoid giving the instructions and instead spend post after post giving them all the reasons why they "shouldn't" do it!

    You'd think the MVPs et al would know that there are times when security has to be disabled!

    Sorry> off of soapbox now!
     
  11. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    aha, no worries, I know exactly how you feel. Sometimes you just have to risk disabling AV programs if you wanna fix your computer! Anywho, so ComboFix has been running for about an hour now, but nothing's changed aside from the blue screen that says it shouldn't take more than 10 minutes. Is there supposed to be a timer on that screen? Because mine doesn't have one, and the cursor just sits there blinking. Should I reboot and try again?
     
     
  12. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    I rebooted the computer to try ComboFix again, and now all my desktop icons have disappeared again. I downloaded Rkill, so here's the log:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/23/2012 at 21:39:53.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\ProgramData\LQWxKGCKoVDdhWT.exe
    C:\ProgramData\Bp26Blb39DVrGH.exe


    Rkill completed on 01/23/2012 at 21:41:26.
     
  13. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    Combofix keeps telling me that access is denied while waiting to scan because administrator permission is needed. I've also tried running it in safe mode, uninstalling and reinstalling, and the same thing keeps happening.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Those processes stopped by RKill are from the malware. When you run RKill, you should not reboot the computer before running Combofix- if you do, the malware entries will return.

    Try this once: Do a right click on combofix.exe> Run as Administrator> then go ahead with this> Double click combofix.exe & follow the prompts.
    IF that doesn't work, skip Combofix for now and do the following:

    If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
    ============================================
    See below. Do this if needed: Press Windows+R key> type cmd> OK

    1. If your task manager is disabled, copy and run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
    Press Enter

    2. If your desktop is blank and you are unable to right-click on it, run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
    Press Enter
    ==============================
    Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
    --------------------------
    The following can be run first to allow you to 'see' the programs, files,etc. But it is important that you understand that this does not remove the malware, only the attribute to hide these features. So it is important that you continue with the cleaning:
    1. Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
    ================================
    2. Boot into Safe Mode with Networking
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
    =======================================
    3. To end the processes that belong to the rogue program:
    Please click on RKill
    • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
    • Double click on the iExplore.exe icon
    • Please be patient- it may take a bit.
    • The black Window will close when through and you can continue.
    Note: If you get a message that RKill is malware, ignore it> it's from the malware.
    =======================================
    Do not reboot your computer after running RKill as the malware programs will start again.
    ================================
    4. This malware frequently comes with the TDSSrootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43. Save the log and post it in your next reply.
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
    ====================================
    5. Update and rescan with Malwarebytes:
    • Select Perform Full Scan on the Scanner tab
    • Click on the Scan button.
    • When scan has finished, you will see this image:
      [screenshot]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ==============================
    6. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =====================================
    7. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    ====================================
    You can now reboot back into Normal Mode.
    =======================================
    Please leave logs for TDSSKiller and new Mbam in next reply.
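    The two repair steps Bobbye gives in posts #6 and #14 (deleting the DisableTaskMgr and NoDesktop policy values, and clearing the Hidden attribute that makes desktop icons and Start menu entries vanish) can be done in one script that also reports when a step fails, which is what happened in post #15. The script below is an added example, not code from the thread, from Bobbye, or from Unhide.exe; the function names, the list of folders it unhides and the autorun-matching pattern are my own choices. It assumes Windows PowerShell 2.0 or later and a console started with "Run as Administrator", and should run after RKill and before any reboot, since post #14 says the malware re-applies its settings on restart.

```powershell
# Added example (not from the thread): audit and revert the Explorer/System policy
# values and the hidden-file attribute that the System Check rogue sets.
# Assumed environment: Windows PowerShell 2.0+ on Vista/7, run elevated.

# The two policy values the thread deletes with "reg delete" (post #14).
$policyValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDesktop' }
)

# Folder trees whose contents the thread reports as "disappeared" (assumed list).
$unhideRoots = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu"
)

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Remove-RoguePolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return "absent   $Path\$Name" }
    try {
        Remove-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return "removed  $Path\$Name (was $($item.$Name))"
    } catch {
        # Post #15 shows exactly this outcome ("Access is denied"); report it so the
        # helper can see which step did not take effect instead of assuming it did.
        return "FAILED   $Path\$Name : $($_.Exception.Message)"
    }
}

function Restore-HiddenFiles {
    param([string[]]$Roots)
    # Same effect as the thread's Unhide.exe, limited to the given folders: clear the
    # Hidden attribute on files and folders. Entries that also carry the System
    # attribute (desktop.ini and similar) are left alone on purpose.
    $count = 0
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
                (($_.Attributes -band [IO.FileAttributes]::System) -eq 0)
            } |
            ForEach-Object {
                $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden
                $count++
            }
    }
    return $count
}

function Get-SuspiciousAutoruns {
    # Report only, nothing is removed: Run entries whose target lives where the
    # Rkill log in post #12 found the rogue's executables (the ProgramData root)
    # or in a Temp folder. The pattern is an assumption, not a signature.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata
            if ("$($p.Value)" -match '(?i)\\ProgramData\\[^\\]+\.exe|\\Temp\\') {
                "$key\$($p.Name) -> $($p.Value)"
            }
        }
    }
}

if (-not (Test-Elevated)) {
    Write-Warning 'Not running elevated; the registry removals may fail with "Access is denied".'
}
foreach ($v in $policyValues) { Remove-RoguePolicyValue @v }
$n = Restore-HiddenFiles -Roots $unhideRoots
"Cleared the Hidden attribute on $n item(s)."
'Autorun entries worth a second look (not removed):'
Get-SuspiciousAutoruns
```

    Run it from an elevated PowerShell console and redirect the output to a text file to paste into the reply; a "FAILED" line for either policy value means the same problem seen in post #15 and is the cue to stop the rogue's processes (RKill) and retry without rebooting in between. The Temp folder is deliberately never touched, in line with the warning in post #14.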
     
  15. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    in case you need it, this is what showed up when I went into cmd and pasted the commands:

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\ngan>
    C:\Users\ngan>Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\C
    urrentVersion\Policies\System /v DisableTaskMgr
    Delete the registry value DisableTaskMgr (Yes/No)? ERROR: Access is denied.

    C:\Users\ngan>Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\C
    urrentVersion\Policies\Explorer /v NoDesktop[/b]
    Delete the registry value NoDesktop[/b] (Yes/No)? ERROR: Access is denied.

    C:\Users\ngan>
     
  16. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    TDSSKiller log

    dang it, it says no infections found

    14:18:45.0130 2012 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
    14:18:45.0645 2012 ============================================================
    14:18:45.0645 2012 Current date / time: 2012/01/24 14:18:45.0645
    14:18:45.0645 2012 SystemInfo:
    14:18:45.0645 2012
    14:18:45.0645 2012 OS Version: 6.0.6002 ServicePack: 2.0
    14:18:45.0645 2012 Product type: Workstation
    14:18:45.0645 2012 ComputerName: HELEN-PC
    14:18:45.0661 2012 UserName: ngan
    14:18:45.0661 2012 Windows directory: C:\Windows
    14:18:45.0661 2012 System windows directory: C:\Windows
    14:18:45.0661 2012 Processor architecture: Intel x86
    14:18:45.0661 2012 Number of processors: 1
    14:18:45.0661 2012 Page size: 0x1000
    14:18:45.0661 2012 Boot type: Safe boot with network
    14:18:45.0661 2012 ============================================================
    14:18:47.0408 2012 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:18:47.0439 2012 Initialize success
    14:19:12.0633 0828 ============================================================
    14:19:12.0633 0828 Scan started
    14:19:12.0633 0828 Mode: Manual;
    14:19:12.0633 0828 ============================================================
    14:19:13.0319 0828 .netbt - ok
    14:19:13.0460 0828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    14:19:13.0460 0828 ACPI - ok
    14:19:13.0553 0828 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    14:19:13.0553 0828 adp94xx - ok
    14:19:13.0663 0828 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    14:19:13.0678 0828 adpahci - ok
    14:19:13.0756 0828 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    14:19:13.0772 0828 adpu160m - ok
    14:19:13.0834 0828 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    14:19:13.0834 0828 adpu320 - ok
    14:19:13.0975 0828 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    14:19:13.0990 0828 AFD - ok
    14:19:14.0115 0828 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
    14:19:14.0131 0828 AgereSoftModem - ok
    14:19:14.0224 0828 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    14:19:14.0240 0828 agp440 - ok
    14:19:14.0318 0828 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    14:19:14.0318 0828 aic78xx - ok
    14:19:14.0365 0828 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    14:19:14.0365 0828 aliide - ok
    14:19:14.0474 0828 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    14:19:14.0474 0828 amdagp - ok
    14:19:14.0552 0828 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    14:19:14.0552 0828 amdide - ok
    14:19:14.0614 0828 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    14:19:14.0614 0828 AmdK7 - ok
    14:19:14.0723 0828 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    14:19:14.0723 0828 AmdK8 - ok
    14:19:14.0833 0828 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
    14:19:14.0833 0828 ApfiltrService - ok
    14:19:14.0989 0828 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    14:19:14.0989 0828 arc - ok
    14:19:15.0035 0828 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    14:19:15.0051 0828 arcsas - ok
    14:19:15.0113 0828 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:19:15.0113 0828 AsyncMac - ok
    14:19:15.0191 0828 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    14:19:15.0191 0828 atapi - ok
    14:19:15.0269 0828 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
    14:19:15.0316 0828 athr - ok
    14:19:15.0457 0828 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
    14:19:15.0457 0828 Avgfwfd - ok
    14:19:15.0566 0828 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    14:19:15.0566 0828 Beep - ok
    14:19:15.0675 0828 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    14:19:15.0675 0828 blbdrive - ok
    14:19:15.0784 0828 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    14:19:15.0784 0828 bowser - ok
    14:19:15.0878 0828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    14:19:15.0878 0828 BrFiltLo - ok
    14:19:15.0940 0828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    14:19:15.0956 0828 BrFiltUp - ok
    14:19:16.0034 0828 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    14:19:16.0049 0828 Brserid - ok
    14:19:16.0081 0828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    14:19:16.0081 0828 BrSerWdm - ok
    14:19:16.0190 0828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    14:19:16.0190 0828 BrUsbMdm - ok
    14:19:16.0283 0828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    14:19:16.0283 0828 BrUsbSer - ok
    14:19:16.0361 0828 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    14:19:16.0361 0828 BTHMODEM - ok
    14:19:16.0471 0828 catchme - ok
    14:19:16.0580 0828 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    14:19:16.0580 0828 cdfs - ok
    14:19:16.0642 0828 Cdr4_xp - ok
    14:19:16.0736 0828 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    14:19:16.0783 0828 cdrom - ok
    14:19:17.0126 0828 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    14:19:17.0141 0828 circlass - ok
    14:19:17.0235 0828 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    14:19:17.0235 0828 CLFS - ok
    14:19:17.0391 0828 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:19:17.0422 0828 CmBatt - ok
    14:19:17.0453 0828 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    14:19:17.0453 0828 cmdide - ok
    14:19:17.0500 0828 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    14:19:17.0516 0828 Compbatt - ok
    14:19:17.0625 0828 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    14:19:17.0625 0828 crcdisk - ok
    14:19:17.0687 0828 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    14:19:17.0687 0828 Crusoe - ok
    14:19:17.0781 0828 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    14:19:17.0781 0828 DfsC - ok
    14:19:17.0968 0828 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    14:19:17.0968 0828 disk - ok
    14:19:18.0155 0828 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    14:19:18.0155 0828 drmkaud - ok
    14:19:18.0218 0828 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    14:19:18.0233 0828 DXGKrnl - ok
    14:19:18.0374 0828 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    14:19:18.0374 0828 E1G60 - ok
    14:19:18.0483 0828 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    14:19:18.0483 0828 Ecache - ok
    14:19:18.0592 0828 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    14:19:18.0608 0828 elxstor - ok
    14:19:18.0748 0828 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    14:19:18.0748 0828 ErrDev - ok
    14:19:18.0842 0828 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    14:19:18.0857 0828 exfat - ok
    14:19:18.0951 0828 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    14:19:18.0967 0828 fastfat - ok
    14:19:19.0029 0828 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    14:19:19.0029 0828 fdc - ok
    14:19:19.0138 0828 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    14:19:19.0138 0828 FileInfo - ok
    14:19:19.0185 0828 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    14:19:19.0185 0828 Filetrace - ok
    14:19:19.0263 0828 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    14:19:19.0263 0828 flpydisk - ok
    14:19:19.0357 0828 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    14:19:19.0372 0828 FltMgr - ok
    14:19:19.0513 0828 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    14:19:19.0513 0828 Fs_Rec - ok
    14:19:19.0591 0828 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    14:19:19.0591 0828 gagp30kx - ok
    14:19:19.0747 0828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    14:19:19.0747 0828 GEARAspiWDM - ok
    14:19:19.0871 0828 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    14:19:19.0887 0828 HdAudAddService - ok
    14:19:19.0996 0828 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    14:19:20.0012 0828 HDAudBus - ok
    14:19:20.0090 0828 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    14:19:20.0090 0828 HidBth - ok
    14:19:20.0199 0828 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    14:19:20.0199 0828 HidIr - ok
    14:19:20.0293 0828 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    14:19:20.0293 0828 HidUsb - ok
    14:19:20.0355 0828 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    14:19:20.0355 0828 HpCISSs - ok
    14:19:20.0480 0828 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    14:19:20.0480 0828 HTTP - ok
    14:19:44.0707 0828 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    14:19:44.0785 0828 \Device\Harddisk0\DR0 - ok
    14:19:44.0800 0828 Boot (0x1200) (bcaf97a13b1d31bc3778ca91dc7dfa31) \Device\Harddisk0\DR0\Partition0
    14:19:44.0800 0828 \Device\Harddisk0\DR0\Partition0 - ok
    14:19:44.0816 0828 ============================================================
    14:19:44.0816 0828 Scan finished
    14:19:44.0816 0828 ============================================================
    14:19:44.0831 1640 Detected object count: 0
    14:19:44.0831 1640 Actual detected object count: 0
     
  17. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    Malwarebytes log

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.24.05

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.19170
    ngan :: HELEN-PC [administrator]

    1/24/2012 2:25:08 PM
    mbam-log-2012-01-24 (14-25-08).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
    Scan options disabled: Heuristics/Shuriken | P2P
    Objects scanned: 340227
    Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LQWxKGCKoVDdhWT.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\LQWxKGCKoVDdhWT.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\LQWxKGCKoVDdhWT.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\ProgramData\Bp26Blb39DVrGH.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Users\ngan\AppData\Local\Temp\0ieGm8AZ7E11Y6.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

    (end)
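The Malwarebytes log above follows a fixed text layout (section header with a declared count, then one line per item in the form "item (threat) -> detail -> ... -> action"). As an added example, not code from the thread or from Malwarebytes, the small Python parser below extracts those detections, checks each section's declared count against the lines actually found, and lists the Run-key autostart that the Rogue.FakeHDD entry used for persistence. The sample input is the detection part of the log posted above; the function and field names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the detection sections of the Malwarebytes log posted above
# (scan header omitted).
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LQWxKGCKoVDdhWT.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\LQWxKGCKoVDdhWT.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\LQWxKGCKoVDdhWT.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\Bp26Blb39DVrGH.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\ngan\AppData\Local\Temp\0ieGm8AZ7E11Y6.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)
"""

# "Registry Values Detected: 1"  ->  section name and declared count
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "item (threat) -> field -> ... -> action"; the first parenthesised token is the threat
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Detection:
    section: str   # "Registry Values", "Files", ...
    item: str      # file path, or "key|value name" for registry entries
    threat: str    # Malwarebytes threat name, e.g. "Rogue.FakeHDD"
    details: list  # intermediate "->" fields, e.g. "Data: C:\..." or "Bad: (0) Good: (1)"
    action: str    # last field: what Malwarebytes did with the item


def parse_mbam_log(text):
    """Return (detections, mismatches); mismatches lists sections whose declared
    count differs from the number of detection lines actually present."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        # Skip blanks, "(No malicious items detected)", "(end)" and any scan header.
        if not line or section is None or line.startswith("("):
            continue
        d = DETECTION_RE.match(line)
        if d is None:
            raise ValueError(f"unrecognised line in section {section!r}: {line}")
        fields = [f.strip() for f in d.group("rest").split(" -> ")]
        detections.append(Detection(section, d.group("item"), d.group("threat"),
                                    fields[:-1], fields[-1]))
    found = Counter(d.section for d in detections)
    mismatches = [(s, n, found.get(s, 0)) for s, n in declared.items() if found.get(s, 0) != n]
    return detections, mismatches


def threat_summary(detections):
    """Count detections per threat family, e.g. {"Rogue.FakeHDD": 4, ...}."""
    return dict(Counter(d.threat for d in detections))


def autostart_entries(detections):
    """Registry values under a Run/RunOnce key (the persistence the rogue relied on),
    returned as (key, value name, data, threat) tuples."""
    hits = []
    for d in detections:
        if d.section != "Registry Values" or "|" not in d.item:
            continue
        key, _, value = d.item.rpartition("|")
        if key.rsplit("\\", 1)[-1].lower() in ("run", "runonce"):
            data = next((f[len("Data: "):] for f in d.details if f.startswith("Data: ")), None)
            hits.append((key, value, data, d.threat))
    return hits


if __name__ == "__main__":
    found, bad = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f"[{d.section}] {d.threat}: {d.item} -> {d.action}")
    print("per threat:", threat_summary(found))
    print("autostarts:", autostart_entries(found))
    print("count mismatches:", bad or "none")
```

Running it on a full saved log (header included) works as well, since lines before the first "Detected:" header are ignored; a count mismatch means the log was truncated or edited when it was pasted.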
     
  18. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    After scanning with Malwarebytes and removing infected files, I rebooted into Normal Mode, but the System Check icon is still on my desktop. Does that mean the virus is still there? Just a reminder that ComboFix still isn't able to run in Normal or Safe Mode.
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Do you have the Task Manager and Desktop back? If Unhide restored them, the commands aren't going to apply.

    Let's try running the following since Combofix isn't working:
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this:
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below > Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
     
  20. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    OTL.txt log

    OTL logfile created on: 1/25/2012 10:51:44 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ngan\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.62% Memory free
    4.22 Gb Paging File | 3.20 Gb Available in Paging File | 75.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 53.20 Gb Free Space | 48.22% Space Free | Partition Type: NTFS

    Computer Name: HELEN-PC | User Name: ngan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\ngan\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
    PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
    PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Dell AIO Printer A920\DLBKbmgr.exe (Dell)
    PRC - C:\Program Files\Dell AIO Printer A920\DLBKbmon.exe (Dell)
    PRC - C:\Windows\System32\dlbkcoms.exe ( )
    PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
    PRC - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\Logitech\QuickCam\LAppRes.DLL ()
    MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll ()
    MOD - C:\Program Files\Logitech\QuickCam\EFVal.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
    MOD - C:\Windows\System32\igfxTMM.dll ()
    MOD - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (CLTNetCnService) -- File not found
    SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
    SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
    SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
    SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (dlbk_device) -- C:\Windows\System32\dlbkcoms.exe ( )
    SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
    DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
    DRV - (LVUVC) QuickCam Communicate Deluxe(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
    DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
    DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z134&install_date=20111112
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z134&install_date=20111112"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.7.0.6
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {D7B3796E-B384-4685-AE12-F8EC49B8B3DE}:1.9.1
    FF - prefs.js..extensions.enabledItems: avg@toolbar:8.0.0.34.1
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ce5d87e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
    FF - prefs.js..network.proxy.no_proxies_on: "localhost"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ngan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/10 14:11:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/10 14:11:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/18 22:35:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/08 23:50:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 13:22:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE}: C:\Users\ngan\AppData\Local\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE} [2011/06/13 21:33:11 | 000,000,000 | ---D | M]

    [2008/08/03 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Extensions
    [2012/01/11 13:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions
    [2012/01/11 13:57:09 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/09/28 13:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH
    [2010/04/27 15:13:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/11 19:28:27 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
    [2009/01/12 15:01:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\moveplayer@movenetworks.com
    [2011/11/11 19:28:58 | 000,001,945 | ---- | M] () -- C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\searchplugins\bing-zugo.xml
    [2011/11/30 19:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/18 22:35:07 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
    [2011/06/13 21:33:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\NGAN\APPDATA\LOCAL\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE}
    [2012/01/08 23:50:02 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/18 22:34:17 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/01/08 23:49:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    [2012/01/08 23:49:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\ngan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
    CHR - Extension: Entanglement = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
    CHR - Extension: DivX HiQ = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
    CHR - Extension: AVG Safe Search = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
    CHR - Extension: Poppit = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

    O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [dlbkbmgr.exe] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" File not found
    O4 - HKCU..\Run: [Spotify] C:\Users\ngan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F334C34-DA0E-4CC7-9B30-DD2FF09902A1}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\ngan\Pictures\desktopbackground\geminitowers.jpg
    O24 - Desktop BackupWallPaper: C:\Users\ngan\Pictures\desktopbackground\geminitowers.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/25 22:48:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ngan\Desktop\OTL.exe
    [2012/01/24 17:42:57 | 000,000,000 | --SD | C] -- C:\myapp
    [2012/01/23 00:48:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/23 00:48:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/23 00:48:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/23 00:48:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/23 00:44:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/22 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\AVG2012
    [2012/01/22 00:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/01/22 00:16:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012/01/22 00:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/01/22 00:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/01/22 00:15:40 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\TestApp
    [2012/01/21 20:49:47 | 000,100,864 | ---- | C] (GMER) -- C:\awtoipow.sys
    [2012/01/18 22:34:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\cache
    [2012/01/07 15:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2012/01/05 15:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/05 15:56:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/05 15:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/01/05 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2012/01/05 14:58:09 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\AVG
    [2010/03/06 16:23:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
    [2010/03/06 16:23:24 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
    [2010/03/06 16:23:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
    [2010/03/06 16:23:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
    [2010/03/06 16:23:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
    [2010/03/06 16:23:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
    [2010/03/06 16:23:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBKhcp.dll
    [2010/03/06 16:23:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
    [2010/03/06 16:23:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
    [2010/03/06 16:23:23 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
    [2010/03/06 16:23:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
    [2010/03/06 16:23:23 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
    [2010/03/06 16:23:23 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
    [2010/03/06 16:23:23 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
    [2010/03/06 16:23:23 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
    [2010/03/06 16:22:54 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/25 22:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ngan\Desktop\OTL.exe
    [2012/01/25 22:43:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/25 22:43:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/25 21:45:25 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/25 21:45:25 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/25 14:39:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/24 14:16:41 | 000,000,842 | ---- | M] () -- C:\Users\ngan\Desktop\iExplore - Shortcut.lnk
    [2012/01/24 01:40:42 | 000,000,680 | ---- | M] () -- C:\Users\ngan\AppData\Local\d3d9caps.dat
    [2012/01/22 23:05:32 | 000,684,297 | ---- | M] () -- C:\Users\ngan\Desktop\unhide.exe
    [2012/01/22 00:20:43 | 002,266,381 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/01/21 20:49:47 | 000,100,864 | ---- | M] (GMER) -- C:\awtoipow.sys
    [2012/01/21 19:07:08 | 000,130,716 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/01/21 14:18:30 | 000,000,272 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGH
    [2012/01/21 14:18:30 | 000,000,168 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGHr
    [2012/01/21 00:35:11 | 000,000,440 | ---- | M] () -- C:\ProgramData\Bp26Blb39DVrGH
    [2012/01/18 15:48:16 | 000,621,032 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\ProgramData\075x22s613657qe7ud702ut
    [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012/01/11 13:55:32 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/11 13:55:31 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/30 21:29:06 | 000,145,920 | ---- | M] () -- C:\Users\ngan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/24 14:16:41 | 000,000,842 | ---- | C] () -- C:\Users\ngan\Desktop\iExplore - Shortcut.lnk
    [2012/01/23 00:48:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/23 00:48:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/23 00:48:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/23 00:48:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/23 00:48:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/22 23:04:39 | 000,684,297 | ---- | C] () -- C:\Users\ngan\Desktop\unhide.exe
    [2012/01/22 00:17:32 | 002,266,381 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/01/21 14:18:30 | 000,000,168 | ---- | C] () -- C:\ProgramData\~Bp26Blb39DVrGHr
    [2012/01/21 14:18:29 | 000,000,272 | ---- | C] () -- C:\ProgramData\~Bp26Blb39DVrGH
    [2012/01/21 00:31:43 | 000,000,440 | ---- | C] () -- C:\ProgramData\Bp26Blb39DVrGH
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
    [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\ProgramData\075x22s613657qe7ud702ut
    [2011/06/13 21:33:12 | 000,000,120 | ---- | C] () -- C:\Users\ngan\AppData\Local\Aqovaripec.dat
    [2011/06/13 21:33:12 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Local\Fbilesicog.bin
    [2011/06/13 21:32:55 | 000,000,004 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\mlog
    [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\Users\ngan\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247
    [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\ProgramData\m32esmfe7c4o462rx2yg3t247
    [2011/04/09 17:50:40 | 000,000,680 | ---- | C] () -- C:\Users\ngan\AppData\Local\d3d9caps.dat
    [2010/12/16 15:00:13 | 000,000,020 | ---- | C] () -- C:\Windows\System32\AVGRSSTX.DLL
    [2010/09/21 20:36:45 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/09/21 20:36:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/04/28 18:13:43 | 000,000,760 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\setup_ldm.iss
    [2010/04/17 16:15:31 | 000,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini
    [2010/03/06 16:26:34 | 000,000,444 | ---- | C] () -- C:\Windows\dellstat.ini
    [2010/03/06 16:23:24 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
    [2010/03/06 16:23:24 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
    [2010/03/06 16:23:24 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBKinst.dll
    [2010/03/06 16:23:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbkinsb.dll
    [2010/03/06 16:23:23 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
    [2010/03/06 16:22:55 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
    [2010/03/06 16:22:55 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
    [2010/03/06 16:22:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
    [2010/03/06 16:22:55 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2010/03/06 16:22:54 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/05/30 12:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/05/30 12:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/02/21 21:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\CastleMalloy.INI
    [2008/11/16 12:55:05 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\wklnhst.dat
    [2008/11/03 21:03:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/08/21 09:10:45 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2008/08/06 09:00:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/08/03 13:54:33 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
    [2008/08/03 10:20:53 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
    [2008/08/03 10:20:48 | 000,000,638 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2008/08/02 11:31:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/07/22 19:53:16 | 000,145,920 | ---- | C] () -- C:\Users\ngan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/20 17:41:19 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/07/20 17:41:19 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/02/20 11:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/02/20 11:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/02/20 11:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/02/20 11:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/02/20 11:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/02/20 11:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/02/20 11:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
    [2008/02/20 11:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
    [2008/02/20 11:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2008/02/18 18:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/02/18 18:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
    [2008/02/18 18:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2008/02/18 18:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2008/02/18 18:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2008/02/18 18:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008/02/18 17:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
    [2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2007/10/11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2007/09/13 14:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
    [2007/09/13 14:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/09/13 14:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/09/13 14:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 04:47:37 | 000,370,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 02:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
    [2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/12/28 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Amazon
    [2012/01/05 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG
    [2011/10/17 14:46:54 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG10
    [2012/01/22 23:38:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG2012
    [2010/06/29 12:27:07 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Facebook
    [2011/11/11 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\FreeTorrentDownloader
    [2010/12/10 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Local
    [2011/12/01 19:27:25 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Smart PDF Creator
    [2012/01/25 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Spotify
    [2008/11/16 12:55:09 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Template
    [2012/01/22 00:15:40 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\TestApp
    [2012/01/24 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\TOSHIBA
    [2008/07/20 21:35:56 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Ulead Systems
    [2008/08/03 08:10:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\WinBatch
    [2012/01/25 01:01:21 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/01/20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB56859$] -> -> Unknown point type

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
     
  21. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    Extras.txt log

    OTL Extras logfile created on: 1/25/2012 10:51:44 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ngan\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.62% Memory free
    4.22 Gb Paging File | 3.20 Gb Available in Paging File | 75.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 53.20 Gb Free Space | 48.22% Space Free | Partition Type: NTFS

    Computer Name: HELEN-PC | User Name: ngan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{398B1DC2-C042-46AC-8A67-1B4574303AF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{A56279F2-3031-4267-86D2-B56D52EC7177}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FC1BB86-E0AD-465C-B45D-35E0F8E4A868}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
    "{14AE7395-C9F0-4304-9FE2-7579F17B4E95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{174C72AC-9C9F-4CC1-86CB-706D845C6DF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1C0902E2-17EF-4102-BF7F-0B7281335E37}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{258DB9D0-7835-4746-A6DF-03B972EE5508}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2B4832A2-0434-4F97-B5E8-3DCBD50325D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{371DC240-8433-44C9-B014-F0531C2307A5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{3DC0C587-9DA3-451C-9F87-1EE97AADEA20}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{401F93C5-F93E-41DD-A834-844CF0EFA04C}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{43E81AC1-3EF9-477E-AA87-91CB7E128D20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4AD7ED50-5937-4C2C-9F9C-2C38C74D2446}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbkpswx.exe |
    "{5A59C134-059D-4683-888B-DE478966B7D5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{6842464A-6399-4481-B2FE-E147B672E6CD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbkpswx.exe |
    "{69FA89BF-8671-4258-9073-FEBB0AB579BA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{6AF5BE6B-1DDB-4EC0-AA32-5831B7BD2BF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{6ED71597-596A-41A4-B5CB-FA0148D61D57}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
    "{7E175359-5DD2-4F54-B412-8FF3E6ABA42C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{83B5BEC5-C059-4FA5-84FE-D3D7FA71DFFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9DA175B7-BBDA-426A-8255-98FE64DF5D73}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{B1D88B60-F8DD-4414-B3F7-CF3475DC148D}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
    "{B5285455-5AE9-4CF4-A5BF-38EACF168374}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{B83C56B7-380F-4D78-948D-FB2FE23BCB34}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{BA82EA2F-9EAD-4287-84C2-52B74346241E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{C2661AF4-7818-4BD6-85B3-0E05A9972D82}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
    "{D0347EA0-C320-448D-8733-08069253B32D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{DB58E51C-310D-4AE6-B8BB-3D7291EA0312}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{E70A27E7-3096-4C97-8B6F-8F09143622CA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{F98A348A-8855-4B8D-B11C-3E249C21C51A}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{FD4A682D-0163-40A6-A964-A6BF3048D706}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "TCP Query User{0EF4B91D-0F5F-46F5-9D94-76C3E1DC696E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{33CB5FB4-802C-4D28-8685-F5C60DC503C4}C:\users\ngan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ngan\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{3E502BCF-A0C3-4DCE-9193-0B17EFAEDF2A}E:\techwizard.exe" = protocol=6 | dir=in | app=e:\techwizard.exe |
    "TCP Query User{76DAF091-BEEB-410D-9E02-A19F06D39698}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{C31ED26C-F95D-4E26-BBF8-1EADFB85D9BF}C:\program files\freetorrentdownloader\freetorrentdownloader.exe" = protocol=6 | dir=in | app=c:\program files\freetorrentdownloader\freetorrentdownloader.exe |
    "UDP Query User{1093D98D-54D2-4693-9120-B544F7C115A9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{209302F2-CD3C-4BB2-B43E-ECCCE2415E2D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{AB8E1920-4504-4D8B-85CA-645241823A9E}E:\techwizard.exe" = protocol=17 | dir=in | app=e:\techwizard.exe |
    "UDP Query User{C8E2014F-D49E-439C-86A1-A9CF9EFB8200}C:\users\ngan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ngan\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{DA279425-05F5-4B48-A17C-BC4180AA04E7}C:\program files\freetorrentdownloader\freetorrentdownloader.exe" = protocol=17 | dir=in | app=c:\program files\freetorrentdownloader\freetorrentdownloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
    "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}" = Vz In Home Agent
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "bflixtoolbar" = BFlix Toolbar
    "Canon iP1700 User Registration" = Canon iP1700 User Registration
    "CanonMyPrinter" = Canon My Printer
    "Dell AIO Printer A920" = Dell AIO Printer A920
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "Freecorder Toolbar" = Freecorder Toolbar
    "Freecorder4.1" = Freecorder
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Verizon FiOS Activation_is1" = Verizon FiOS Activation
    "Verizon Help and Support" = Verizon Help and Support Tool
    "WildTangent toshiba Master Uninstall" = TOSHIBA Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Spotify" = Spotify

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32931390

    Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32931390

    Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32932388

    Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32932388

    Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32933418

    Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32933418

    Error - 9/18/2010 6:02:36 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Media Center Events ]
    Error - 11/15/2008 4:08:43 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/30/2009 2:39:57 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/30/2009 12:06:47 AM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/20/2009 11:17:57 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 1/25/2012 5:01:10 AM | Computer Name = Helen-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/25/2012 5:43:25 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/25/2012 5:53:07 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
    code: 0x80096001 Error description: A system-level error occurred while verifying
    trust.

    Error - 1/25/2012 9:55:31 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
    code: 0x80096001 Error description: A system-level error occurred while verifying
    trust.

    Error - 1/26/2012 2:53:50 AM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
    code: 0x80096001 Error description: A system-level error occurred while verifying
    trust.


    < End of report >
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, I have a script set up to run in OTL, but there are errors indicating there might be an activation problem. Let's check that out first, as there are an exceptional number of entries to remove:

    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows, to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
     
  23. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    The Resolve Button did not show up, so this is just the MGA Diagnostics. I took out the Product Key and Product ID:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=

    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {589CE5F3-BCE1-45A9-BA30-D330CDF1CC28}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.111025-0338
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Allowed
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{589CE5F3-BCE1-45A9-BA30-D330CDF1CC28}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-2397746768-2885083860-4240868168</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A205</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V2.20</Version><SMBIOSVersion major="2" minor="4"/><Date>20080310000000.000000+000</Date></BIOS><HWID>A6323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B90A82CB9436500</Val><Hash>QkyZNrhgPP7BeMX/VkVt7x/e8Zg=</Hash><Pid>73931-640-1545006-57628</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    Name: Windows(TM) Vista, HomePremium edition
    Description: Windows Operating System - Vista, OEM_SLP channel
    Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89578-00146-321-500237-02-1033-6001.0000-2022008
    Installation ID: 021031851315911800272176831322876354573851108312068914
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: RJ34F
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: OAAAAAEABAABAAIAAQABAAAAAwABAAEAJJQcldS/cscoSwYMRoOuZdYA4N/y9OZJBPO20KxWsg0=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name  OEMID Value  OEMTableID Value
    APIC             INTEL        CRESTLNE
    FACP             TOSCPL       CRESTLNE
    HPET             INTEL        CRESTLNE
    BOOT             PTLTD        $SBFTBL$
    MCFG             INTEL        CRESTLNE
    TCPA             Intel        CRESTLNE
    TMOR             PTLTD
    SLIC             TOSCPL       TOSCPL00
    OSFR             TOSHIB       A+2nd ID
    APIC             INTEL        CRESTLNE
    SSDT             SataRe       SataAhci
    SSDT             SataRe       SataAhci
    SSDT             SataRe       SataAhci
    SSDT             SataRe       SataAhci
    SSDT             SataRe       SataAhci
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Lots to copy here - be sure you get it all:
    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      [2008/08/03 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Extensions
      [2012/01/11 13:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions
      [2012/01/11 13:57:09 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
      [2011/09/28 13:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH
      [2011/11/11 19:28:27 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
      [2011/11/11 19:28:58 | 000,001,945 | ---- | M] () -- C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\searchplugins\bing-zugo.xml
      [2012/01/08 23:49:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      [2012/01/21 14:18:30 | 000,000,272 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGH
      [2012/01/21 14:18:30 | 000,000,168 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGHr
      [2012/01/21 00:35:11 | 000,000,440 | ---- | M] () -- C:\ProgramData\Bp26Blb39DVrGH
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\ProgramData\075x22s613657qe7ud702ut
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\ProgramData\075x22s613657qe7ud702ut
      [2011/06/13 21:33:12 | 000,000,120 | ---- | C] () -- C:\Users\ngan\AppData\Local\Aqovaripec.dat
      [2011/06/13 21:33:12 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Local\Fbilesicog.bin
      [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\Users\ngan\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
      [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
      [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247
      [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\ProgramData\m32esmfe7c4o462rx2yg3t247
      [2008/02/18 17:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
      [C:\Windows\$NtUninstallKB56859$] -> -> Unknown point type
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "VistaSp1" =-
      "VistaSp2" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "bflixtoolbar" =-
      "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" =-
      "bflixtoolbar" =-
      "Freecorder Toolbar" = Freecorder Toolbar
      "Freecorder4.1" =-
      :Files
      :Commands
      [purity]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ==========================================
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    Please leave new log for OTL in new reply.
     
  25. funkymonky

    funkymonky TS Rookie Topic Starter Posts: 19

    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
    C:\Program Files\Freecorder\prxtbFre2.dll moved successfully.
    Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    C:\Users\ngan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
    C:\Users\ngan\AppData\Roaming\mozilla\Extensions folder moved successfully.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\ not found.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH\ not found.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
    File C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\sea rchplugins\bing-zugo.xml not found.
    C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old moved successfully.
    ::1 localhost removed from HOSTS file successfully
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    File C:\Program Files\Freecorder\prxtbFre2.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ deleted successfully.
    C:\Program Files\bflixtoolbar\vmntemplateX.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    File C:\Program Files\Freecorder\prxtbFre2.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
    File C:\Program Files\bflixtoolbar\vmntemplateX.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
    File C:\Program Files\Freecorder\prxtbFre2.dll not found.
    C:\ProgramData\~Bp26Blb39DVrGH moved successfully.
    C:\ProgramData\~Bp26Blb39DVrGHr moved successfully.
    C:\ProgramData\Bp26Blb39DVrGH moved successfully.
    C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut moved successfully.
    C:\ProgramData\075x22s613657qe7ud702ut moved successfully.
    File C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut not found.
    File C:\ProgramData\075x22s613657qe7ud702ut not found.
    C:\Users\ngan\AppData\Local\Aqovaripec.dat moved successfully.
    C:\Users\ngan\AppData\Local\Fbilesicog.bin moved successfully.
    C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 moved successfully.
    C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247 moved successfully.
    C:\ProgramData\m32esmfe7c4o462rx2yg3t247 moved successfully.
    C:\Windows\fdbpinger.exe moved successfully.
    Unable to remove Unknown point type C:\Windows\$NtUninstallKB56859$
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\bflixtoolbar not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{63A6E9A9-A190-46D4-9430-2DB28654AFD8} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63A6E9A9-A190-46D4-9430-2DB28654AFD8}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\bflixtoolbar not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"Freecorder Toolbar" | Freecorder Toolbar /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Freecorder4.1 not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: ngan
    ->Java cache emptied: 1469386 bytes

    User: Public

    Total Java Files Cleaned = 1.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully


    OTL by OldTimer - Version 3.2.31.0 log created on 02022012_173937

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.
     
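One way to triage an OTL fix log like the one above, as an added example that is not part of the thread and not OTL's own code: it classifies each result line (succeeded, not found, deferred to reboot, unresolved), names the items a helper would still have to chase, and pulls out the Security Center entries the fix reverted, since DisableMonitoring values under that key are what silence the "no antivirus/firewall" warnings. The sample log is a constructed subset of lines in the format the post shows.

```python
"""Triage an OTL fix log: classify each result line, list what still needs
follow-up, and pull out the Security Center entries the fix reverted."""
import re
from collections import Counter

# Constructed sample, in the format of the OTL log posted in the thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
C:\Program Files\Freecorder\prxtbFre2.dll moved successfully.
Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\ not found.
::1 localhost removed from HOSTS file successfully
Unable to remove Unknown point type C:\Windows\$NtUninstallKB56859$
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"Freecorder Toolbar" | Freecorder Toolbar /E : value set successfully!
========== COMMANDS ==========
->Java cache emptied: 1469386 bytes
HOSTS file reset successfully
"""

# Outcome patterns, tested in order: "Registry delete failed ... scheduled to
# be deleted on reboot." must not be counted as a success.
_OUTCOMES = (
    ("unresolved", re.compile(r"^Unable to ")),
    ("on_reboot", re.compile(r"scheduled to be deleted on reboot\.$")),
    ("not_found", re.compile(r" not found\.$")),
    ("done", re.compile(r"successfully[.!]?$")),
)
_SECTION = re.compile(r"^=+ .* =+$")
# Targets of lines that need attention, so the report can name them.
_UNABLE_TARGET = re.compile(
    r"^Unable to (?:remove|delete) (?:Unknown point type |ADS )?(.+?)\s*\.?$")
_REBOOT_TARGET = re.compile(
    r"^Registry delete failed\. (.+) scheduled to be deleted on reboot\.$")
# Security Center keys: DisableMonitoring values under Monitoring suppress the
# "no antivirus / firewall" warnings, so their presence is a tampering sign.
_SECURITY_CENTER = re.compile(r"Security Center\\(?:Monitoring|Svc)\\", re.I)


def classify(line):
    """Outcome label for one OTL log line: done, not_found, on_reboot,
    unresolved, other, or skip for blanks and section headers."""
    line = line.strip()
    if not line or _SECTION.match(line):
        return "skip"
    for label, pattern in _OUTCOMES:
        if pattern.search(line):
            return label
    return "other"


def follow_up_target(line):
    """The path or key a line leaves unresolved, or None if there is none."""
    line = line.strip()
    match = _UNABLE_TARGET.match(line) or _REBOOT_TARGET.match(line)
    return match.group(1) if match else None


def security_center_items(log_text):
    """Log lines that touched Security Center keys (reverted tampering)."""
    return [ln.strip() for ln in log_text.splitlines() if _SECURITY_CENTER.search(ln)]


def summarize(log_text):
    """Count outcomes and collect (label, target) pairs that still need work."""
    counts = Counter()
    followups = []
    for line in log_text.splitlines():
        label = classify(line)
        if label == "skip":
            continue
        counts[label] += 1
        target = follow_up_target(line)
        if target is not None:
            followups.append((label, target))
    return {"counts": dict(counts), "followups": followups}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("Outcome counts:", report["counts"])
    for label, target in report["followups"]:
        print(f"  needs follow-up ({label}): {target}")
    for item in security_center_items(SAMPLE_LOG):
        print("  Security Center entry reverted:", item)
```

Feed it the full log from a post instead of SAMPLE_LOG and the follow-up list is the checklist for the next reply: here the `$NtUninstallKB56859$` folder, the ADS OTL could not delete, and the Security Center value deferred to reboot.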
Topic Status:
Not open for further replies.

