Nan's laptop is infected

Solved
By LukeDJ
Jan 9, 2013
  1. Hi guys,

    So my Nan asked me why her PC was running so slowly, and I nearly headbutted a nail when I noticed the multiple bars at the top of her browser and multiple random search engines opening in new tabs when the browser was opened. There were also some shifty looking programs in her programs list. Hopefully these are easily removed!
  2. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    MBAM log (nothing detected)

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.09.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    farms :: FARMS-PC [administrator]

    9/01/2013 8:22:49 PM
    mbam-log-2013-01-09 (20-22-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208889
    Time elapsed: 16 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. LukeDJ

    DDS.txt log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by farms at 20:42:58 on 2013-01-09
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.380 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\farms\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredimail.com?a=ICeoIfXILK
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
    BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] <no file>
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\mobile broadband manager\TelstraUCM.exe" -tsr
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\farms\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:33554432
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 10.4.182.20 10.4.81.103
    TCP: Interfaces\{0E90084D-4D95-4F7D-8594-BF10161ACF99} : DHCPNameServer = 10.4.182.20 10.4.81.103
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-29 20384]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-25 7168]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-9 40776]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-9-1 114688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-29 30192]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-9-1 7168]
    .
    =============== Created Last 30 ================
    .
    2013-01-09 12:36:21 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{63c26a44-f6ae-40f6-bb4f-96236eacd010}\mpengine.dll
    2013-01-09 12:19:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-09 12:19:09 -------- d-----w- c:\users\farms\appdata\roaming\Malwarebytes
    2013-01-09 12:18:04 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-09 12:17:58 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-09 12:17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-06 03:03:46 6812136 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-03 14:29:33 -------- d-----w- c:\users\farms\appdata\roaming\AVG2012
    2012-12-25 06:54:51 -------- d-----w- c:\users\farms\appdata\local\Kobo
    2012-12-25 06:54:14 -------- d-----w- c:\windows\tmp
    2012-12-25 06:53:43 -------- d-----w- c:\program files\Kobo
    2012-12-25 01:16:26 -------- d-----w- c:\users\farms\appdata\local\CRE
    2012-12-22 00:47:28 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-22 00:47:27 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-14 01:12:30 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-14 01:12:20 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-12-14 01:12:20 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-12-14 01:12:19 16896 ----a-w- c:\windows\system32\winusb.dll
    2012-12-14 01:12:18 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-12-14 01:12:18 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-12-14 01:12:16 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-14 01:12:16 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-14 01:12:14 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-12-14 01:12:13 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-12-14 01:12:13 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-12-13 09:55:43 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-12-13 09:55:42 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-13 09:55:41 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-12-13 09:55:40 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-13 09:54:42 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 20:46:17.94 ===============
  4. LukeDJ

    Attach.txt log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/12/2008 2:30:02 AM
    System Uptime: 9/01/2013 8:01:24 PM (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | CPU | 1000/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 163.166 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1082: 4/01/2013 8:55:19 AM - Windows Update
    RP1083: 4/01/2013 3:36:34 PM - Windows Backup
    RP1084: 5/01/2013 10:21:25 AM - Windows Update
    RP1085: 6/01/2013 10:49:24 AM - Windows Update
    RP1086: 9/01/2013 6:57:03 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.1.2
    Age of Mythology
    Age of Mythology - The Titans Expansion
    AIO_Scan
    Atheros Driver Installation Program
    Atheros Wi-Fi Protected Setup Library
    AVG 2012
    BufferChm
    Business Contact Manager for Outlook 2007 SP2
    C7200
    C7200_doccd
    c7200_Help
    Camera Assistant Software for Toshiba
    CD/DVD Drive Acoustic Silencer
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Copy
    Coupon Printer for Windows
    CustomerResearchQFolder
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DVD MovieFactory for TOSHIBA
    EA Download Manager
    eSupportQFolder
    Fax
    Google Chrome
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 9.0
    HP Deskjet 3050 J610 series Basic Device Software
    HP Deskjet 3050 J610 series Help
    HP Deskjet 3050 J610 series Product Improvement Study
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photo Creations
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 3.5
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 35
    Java(TM) 6 Update 6
    Kobo
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.2
    PanoStandAlone
    Picasa 3
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Saddle Club - Willowbrook Stables
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    SolutionCenter
    Status
    Synaptics Pointing Device Driver
    Telstra Mobile Broadband Manager
    The Game Of Life
    The Sims™ 3
    The Sims™ 3 Generations
    Toolbox
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VideoToolkit01
    WebReg
    Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9)
    Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5)
    Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5)
    Windows Live ID Sign-in Assistant
    Windows Media Encoder 9 Series
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/01/2013 8:11:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
    4/01/2013 9:09:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.3137.0).
    4/01/2013 9:07:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2997.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070643 Error description: Fatal error during installation.
    4/01/2013 8:56:52 AM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
    4/01/2013 8:54:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.147.56.65 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 10.147.39.45 (The DHCP Server sent a DHCPNACK message).
    4/01/2013 7:50:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2997.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/01/2013 7:38:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2997.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    4/01/2013 3:45:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2997.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/01/2013 11:16:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.146.23.196 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 10.147.6.81 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
  5. LukeDJ

    *Note, I already uninstalled some of the bad programs (bars and such)

    My main concern is AVG, which doesn't want to go away, and seems to do stuff every time I open a web page.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there!

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  7. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    Hi, thanks for your reply!

    Here is the Adware cleaner log:

    # AdwCleaner v2.105 - Logfile created 01/10/2013 at 11:30:56
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : farms - FARMS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\farms\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\farms\AppData\Local\Temp\Uninstall.exe
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\farms\AppData\Local\Conduit
    Folder Deleted : C:\Users\farms\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
    Folder Deleted : C:\Users\farms\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
    Folder Deleted : C:\Users\farms\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Deleted : C:\Users\farms\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\farms\AppData\LocalLow\PriceGong

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\Software\ImInstaller
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Software
    Key Deleted : HKLM\Software\Web Assistant
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\farms\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.12] : urls_to_restore_on_startup = [ "hxxps://www.google.com.au/", "hxxp://search.conduit.com/?c[...]
    Deleted [l.47] : icon_url = "hxxp://search.conduit.com/fav.ico",
    Deleted [l.50] : keyword = "search.conduit.com",
    Deleted [l.53] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
    Deleted [l.2244] : urls_to_restore_on_startup = [ "hxxps://www.google.com.au/", "hxxp://search.conduit.com/?ctid[...]

    *************************

    AdwCleaner[S1].txt - [4241 octets] - [10/01/2013 11:30:56]

    ########## EOF - C:\AdwCleaner[S1].txt - [4301 octets] ##########
  8. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    And the Junkware removal tool:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by farms on Thu 10/01/2013 at 11:41:03.54
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3617931264-3218664195-1599653590-1000\software\microsoft\internet explorer\main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-3617931264-3218664195-1599653590-1000\software\web assistant"



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\coupons"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 10/01/2013 at 11:46:41.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    Once again, thank you.

    Those steps have really sped up her browser, and destroyed the adware bars :D :D

    Do I need to complete any more steps??

    As a side note, is there any easy way to remove AVG LinkScanner? Doing a normal uninstall isn't getting rid of it, and it runs stuff every time I open a browser. (She already has Microsoft Security Essentials.)
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do the following please:

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  11. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    Done, here's the combofix log:

    ComboFix 13-01-08.01 - farms 10/01/2013 21:11:34.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.954 [GMT 8:00]
    Running from: c:\users\farms\Desktop\ComboFix.exe
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\farms\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35EBB61B-3200-4DAD-934F-2B326E13CCFA}.xps
    c:\users\farms\ChromeSetup.exe
    c:\users\farms\ia_remove.sh6896.tmp
    c:\windows\system32\pt
    c:\windows\system32\pt\smartfacevcp.dll.mui
    c:\windows\system32\pt\toscdspd.cpl.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-10 13:22 . 2013-01-10 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-10 13:01 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F6C255C-1582-4946-B648-16DB649D7F68}\mpengine.dll
    2013-01-10 03:45 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-10 03:40 . 2013-01-10 03:40 -------- d-----w- c:\windows\ERUNT
    2013-01-10 03:39 . 2013-01-10 03:40 -------- d-----w- C:\JRT
    2013-01-10 03:39 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-10 03:39 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 12:36 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-09 12:19 . 2013-01-09 12:19 -------- d-----w- c:\users\farms\AppData\Roaming\Malwarebytes
    2013-01-09 12:18 . 2013-01-09 12:18 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-09 12:17 . 2012-12-14 08:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-09 12:17 . 2013-01-09 12:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-03 14:29 . 2013-01-03 14:29 -------- d-----w- c:\users\farms\AppData\Roaming\AVG2012
    2012-12-25 06:54 . 2012-12-25 06:54 -------- d-----w- c:\users\farms\AppData\Local\Kobo
    2012-12-25 06:54 . 2012-12-25 08:48 -------- d-----w- c:\windows\tmp
    2012-12-25 06:53 . 2012-12-25 06:54 -------- d-----w- c:\program files\Kobo
    2012-12-25 01:16 . 2012-12-26 03:17 -------- d-----w- c:\users\farms\AppData\Local\CRE
    2012-12-22 00:47 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-22 00:47 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-14 01:12 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-14 01:12 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-12-14 01:12 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-12-14 01:12 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
    2012-12-14 01:12 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-12-14 01:12 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-12-14 01:12 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-14 01:12 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-14 01:12 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-12-14 01:12 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-12-14 01:12 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-12-13 09:55 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-13 09:55 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-12-13 09:55 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-13 09:54 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-29 14:39 . 2012-11-29 14:41 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{507690DB-9979-4D64-8B2A-1055A21EDADD}\gapaengine.dll
    2012-11-13 20:52 . 2012-08-17 01:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-13 20:52 . 2010-09-08 08:43 473072 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-08 39408]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-01 30192]
    "BigPondWirelessBroadbandCM"="c:\program files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2010-05-14 4352408]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    c:\users\farms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 14:22]
    .
    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 14:22]
    .
    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617931264-3218664195-1599653590-1000Core.job
    - c:\users\farms\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08 07:14]
    .
    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617931264-3218664195-1599653590-1000UA.job
    - c:\users\farms\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08 07:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 10.4.182.20 10.4.81.103
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Sidebar - (no file)
    HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
    HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
    HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-10 21:23
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/I?????v??Miz????>???>???>? >?H
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-01-10 21:25:42
    ComboFix-quarantined-files.txt 2013-01-10 13:25
    .
    Pre-Run: 180,407,599,104 bytes free
    Post-Run: 180,862,959,616 bytes free
    .
    - - End Of File - - 76BFFB6F01A39A885AF2C9F24E9E3C31
     
  12. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    OTL.Txt log:

    OTL logfile created on: 10/01/2013 9:33:52 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\farms\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.87 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 29.15% Memory free
    3.98 Gb Paging File | 2.42 Gb Available in Paging File | 60.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.86 Gb Total Space | 168.50 Gb Free Space | 75.61% Space Free | Partition Type: NTFS

    Computer Name: FARMS-PC | User Name: farms | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/10 21:32:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\farms\Desktop\OTL.exe
    PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/05/14 11:01:26 | 004,352,408 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
    PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/29 05:11:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
    PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/06/02 12:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2008/05/09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2008/05/08 09:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    PRC - [2008/04/29 09:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    PRC - [2008/04/25 04:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    PRC - [2008/04/17 15:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2008/04/17 15:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/17 15:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2008/04/08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/06 12:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2008/02/06 12:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2007/11/22 08:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/10 12:58:23 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll
    MOD - [2013/01/10 12:58:21 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll
    MOD - [2013/01/10 12:57:23 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll
    MOD - [2013/01/10 12:56:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll
    MOD - [2013/01/10 12:56:48 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
    MOD - [2013/01/10 12:56:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
    MOD - [2012/12/05 09:15:15 | 012,456,040 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    MOD - [2012/12/05 09:15:15 | 000,460,904 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
    MOD - [2012/12/05 09:15:14 | 004,008,040 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
    MOD - [2012/12/05 09:14:29 | 000,587,880 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
    MOD - [2012/12/05 09:14:28 | 000,124,520 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
    MOD - [2012/12/05 09:14:21 | 000,157,304 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
    MOD - [2012/12/05 09:14:20 | 000,275,576 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
    MOD - [2012/12/05 09:14:19 | 002,168,952 | ---- | M] () -- C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
    MOD - [2010/09/01 14:03:23 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2008/05/08 09:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    MOD - [2008/03/06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2007/12/25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2007/12/14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2006/10/11 02:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2006/10/08 02:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


    ========== Services (SafeList) ==========

    SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV - [2008/04/17 15:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/02/06 12:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007/11/22 08:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\farms\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2010/05/03 12:18:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2010/01/27 10:46:40 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/27 10:46:40 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/27 10:46:40 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/12/28 15:05:06 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/05/19 18:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/29 11:00:30 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/04/28 15:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2008/04/15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/12/15 02:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/10/17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/21 05:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/02 15:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7TSHN_en
    IE - HKCU\..\SearchScopes\{C037AB40-9972-4D10-BE30-16B110323126}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=A671A5F2-55A6-414B-BE4C-DCB46AAB74B2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\farms\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\farms\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/01/04 19:34:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/31 10:01:22 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3196716
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\farms\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\farms\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: AVG Do Not Track = C:\Users\farms\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

    O1 HOSTS File: ([2013/01/10 21:22:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Users\farms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.4.182.20 10.4.81.103
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E90084D-4D95-4F7D-8594-BF10161ACF99}: DhcpNameServer = 10.4.182.20 10.4.81.103
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\farms\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\farms\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/10 21:32:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\farms\Desktop\OTL.exe
    [2013/01/10 21:25:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/10 21:25:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/10 21:07:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/10 21:07:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/10 21:07:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/10 21:07:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/10 21:07:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/10 20:55:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Users\farms\Desktop\ComboFix.exe
    [2013/01/10 11:40:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/10 11:39:25 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/09 20:19:09 | 000,000,000 | ---D | C] -- C:\Users\farms\AppData\Roaming\Malwarebytes
    [2013/01/09 20:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/09 20:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/09 20:17:58 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/09 20:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/03 22:29:33 | 000,000,000 | ---D | C] -- C:\Users\farms\AppData\Roaming\AVG2012
    [2012/12/25 16:19:11 | 000,000,000 | ---D | C] -- C:\Users\farms\Documents\My Digital Editions
    [2012/12/25 14:54:51 | 000,000,000 | ---D | C] -- C:\Users\farms\AppData\Local\Kobo
    [2012/12/25 14:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
    [2012/12/25 14:54:14 | 000,000,000 | ---D | C] -- C:\Windows\tmp
    [2012/12/25 14:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
    [2012/12/25 09:16:26 | 000,000,000 | ---D | C] -- C:\Users\farms\AppData\Local\CRE
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/10 21:32:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\farms\Desktop\OTL.exe
    [2013/01/10 21:29:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/10 21:29:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/10 21:29:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/10 21:29:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/10 21:25:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/10 21:22:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/01/10 21:13:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617931264-3218664195-1599653590-1000UA.job
    [2013/01/10 21:13:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617931264-3218664195-1599653590-1000Core.job
    [2013/01/10 20:57:34 | 005,019,950 | R--- | M] (Swearware) -- C:\Users\farms\Desktop\ComboFix.exe
    [2013/01/10 12:53:34 | 000,421,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/01/10 12:23:45 | 000,690,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/10 12:23:45 | 000,140,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/10 12:01:43 | 270,649,715 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/01/09 20:18:28 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/27 10:04:59 | 000,049,664 | ---- | M] () -- C:\Users\farms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/16 20:53:41 | 000,147,667 | ---- | M] () -- C:\Windows\hpoins21.dat
    [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/12/14 09:19:41 | 000,002,015 | ---- | M] () -- C:\Users\farms\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/10 21:07:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/10 21:07:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/10 21:07:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/10 21:07:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/10 21:07:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/09 20:18:28 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/03 09:11:47 | 270,649,715 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/12/14 09:12:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/12/14 09:12:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2010/04/20 10:44:35 | 000,000,552 | ---- | C] () -- C:\Users\farms\AppData\Local\d3d8caps.dat
    [2009/04/04 15:14:03 | 000,000,016 | ---- | C] () -- C:\Users\farms\persistent_state
    [2009/01/05 08:30:38 | 000,049,664 | ---- | C] () -- C:\Users\farms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/29 11:49:27 | 000,001,356 | ---- | C] () -- C:\Users\farms\AppData\Local\d3d9caps.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/01/03 22:29:33 | 000,000,000 | ---D | M] -- C:\Users\farms\AppData\Roaming\AVG2012
    [2010/09/01 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\farms\AppData\Roaming\OpenOffice.org
    [2010/09/01 13:20:06 | 000,000,000 | ---D | M] -- C:\Users\farms\AppData\Roaming\Sierra Wireless
    [2012/02/11 22:46:56 | 000,000,000 | ---D | M] -- C:\Users\farms\AppData\Roaming\toshiba
    [2009/11/29 21:38:12 | 000,000,000 | ---D | M] -- C:\Users\farms\AppData\Roaming\Ulead Systems

    ========== Purity Check ==========



    < End of report >
  13. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    Not sure if you need the Extras.Txt, but here it is anyway :p

    OTL Extras logfile created on: 10/01/2013 9:33:52 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\farms\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.87 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 29.15% Memory free
    3.98 Gb Paging File | 2.42 Gb Available in Paging File | 60.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.86 Gb Total Space | 168.50 Gb Free Space | 75.61% Space Free | Partition Type: NTFS

    Computer Name: FARMS-PC | User Name: farms | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1D4F981C-CF93-4CE5-85E6-FA79EBD29117}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{F98E7F37-BF67-492F-A76F-4FE047754A9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BF6D5B7-DBCA-46B1-9517-603DBD74BF42}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{1F28E694-F5AE-4A18-830E-615616A64B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{2D646DC2-57F2-4F9A-B3B0-80B163A98012}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{3603AC98-E2A4-4E2A-AAC1-0875DD10551F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
    "{3C5F97BE-7A37-4F64-B37B-5D1524CEE5EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{4556C2ED-16BB-412A-8013-9D8691B73AE6}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
    "{45993120-9C30-4DDE-9384-41F8545C773D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{7B4A9FFA-51B8-420B-A780-DED70B6B4687}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{822DF30B-2932-4F0B-8124-903B8CCFBEC1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{9216A7C7-E548-42F5-A72E-6536B2D36E0A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
    "{9DED6774-D52F-44F9-A8FF-720BFE55706F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{AB0AB1D1-FADF-4A99-A032-FD8CCEC1BB59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{C10A17E4-453F-4BD9-997F-F49A0C9B490C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{C48CA90D-123C-435D-8168-65FB41672362}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
    "{ECAD0407-BC61-4F8A-A86C-528ACEB9D033}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{F25F6EF8-44D9-4164-AA09-511ABC2E9543}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "TCP Query User{89A6FBAE-2C62-4225-A4E6-B0CB4D5ED5BB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{AB8A3353-3D30-47FD-ACF8-2F18C37A99A5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{8AAC77F8-E1F7-4957-87F1-22179B88F6FB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{99B87064-63F9-428E-A718-EF6F89E26F0C}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 38
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{280402BB-8957-48DE-8C2A-11F25B5F10C2}" = Saddle Club - Willowbrook Stables
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
    "{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
    "{D42FD0CF-F36F-42D5-A12F-CE58397FD78A}" = Telstra Mobile Broadband Manager
    "{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E1497C00-2605-433E-822E-3E82649CE056}" = HP Deskjet 3050 J610 series Product Improvement Study
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "5E8F128761A9B07EC2DEC909F167D92DB8B3A348" = Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5)
    "6A032F4180B5A0E8F4BC27384D0A423B2595A785" = Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Age of Mythology 1.0" = Age of Mythology
    "Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
    "AVG" = AVG 2012
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
    "E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7" = Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9)
    "EADM" = EA Download Manager
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photo Creations" = HP Photo Creations
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "HPOCR" = HP OCR Software 9.0
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Picasa 3" = Picasa 3
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Telstra Mobile Broadband Manager" = Telstra Mobile Broadband Manager
    "The Game Of Life" = The Game Of Life
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/01/2013 12:03:25 AM | Computer Name = farms-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/01/2013 12:26:58 AM | Computer Name = farms-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 10/01/2013 12:26:58 AM | Computer Name = farms-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 10/01/2013 12:54:12 AM | Computer Name = farms-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/01/2013 1:36:12 AM | Computer Name = farms-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 10/01/2013 1:36:12 AM | Computer Name = farms-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 10/01/2013 8:49:49 AM | Computer Name = farms-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/01/2013 9:30:58 AM | Computer Name = farms-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 10/01/2013 12:26:58 AM | Computer Name = farms-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/01/2013 12:57:40 AM | Computer Name = farms-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.146.44.162 for the Network Card with network
    address 00A0C6000000 has been denied by the DHCP server 10.146.46.49 (The DHCP
    Server sent a DHCPNACK message).

    Error - 10/01/2013 1:36:05 AM | Computer Name = farms-PC | Source = DCOM | ID = 10010
    Description =

    Error - 10/01/2013 1:36:12 AM | Computer Name = farms-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 10/01/2013 9:08:17 AM | Computer Name = farms-PC | Source = volsnap | ID = 393236
    Description = The shadow copies of volume C: were aborted because of a failed free
    space computation.

    Error - 10/01/2013 9:09:47 AM | Computer Name = farms-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 10/01/2013 9:11:04 AM | Computer Name = farms-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/01/2013 9:16:46 AM | Computer Name = farms-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/01/2013 9:22:58 AM | Computer Name = farms-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/01/2013 9:31:38 AM | Computer Name = farms-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.146.77.59 for the Network Card with network
    address 00A0C6000000 has been denied by the DHCP server 10.147.65.174 (The DHCP
    Server sent a DHCPNACK message).


    < End of report >
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
      2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  15. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    All Clear! :D

    Other concerns:

    The PC Blue Screened once sometime at the beginning of the malware removal process, but it never happened before and hasn't happened since.

    The only other thing is AVG Linkscanner 2012 Free edition.

    It's always on, and I cannot find a way to uninstall it.

    Is there an effective way to fully remove it? (I can tell it's slowing down the system.)
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Revo Uninstaller: www.revouninstaller.com

    It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left, select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create

    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.
    To remove all of the tools we used and the files and folders they created do the following:
    • Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  17. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    Results of screen317's Security Check version 0.99.56
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 38
    Java(TM) 6 Update 6
    Java version out of Date!
    Adobe Reader 8 Adobe Reader out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  18. LukeDJ

    LukeDJ TechSpot Addict Topic Starter Posts: 414   +112

    Ok, so my Nan has to pick up her laptop in a few hours, so I will update Java and Adobe and then run a defrag.

    If there is anything else you think I should do, just post it and I'll do it next time I see her.


    Thank you HEAPS for your help! I really appreciate it :)
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic solved.