TechSpot

Unable to install mbam, gmer and dds in normal mode

By ryaned
Dec 16, 2011
  1. Yesterday I picked up Vista Security 2012 virus and it has rendered me unable to install the above scans. I can download but not install the above scans. Should I try to download and install and run them in safe mode? I am currently sending this message in safe mode.
    The virus is also creating numerous pop up warnings and preventing me from going online in normal mode.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Safe mode will be fine for now.
     
  3. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    more problems with Vista Security 2012 virus

    Broni,

    I am now unable to install the "clean up" tools in the 5 step post in safe mode. I get a Vista Security 2012 pop up. What should I do?
    Thanks, Ned
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Follow steps 1-4 from here: http://www.bleepingcomputer.com/virus-removal/remove-vista-security-2012

    Then....

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    TDSSKiller report

    13:25:00.0299 0608 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    13:25:00.0780 0608 ============================================================
    13:25:00.0780 0608 Current date / time: 2011/12/17 13:25:00.0780
    13:25:00.0780 0608 SystemInfo:
    13:25:00.0780 0608
    13:25:00.0781 0608 OS Version: 6.0.6001 ServicePack: 1.0
    13:25:00.0781 0608 Product type: Workstation
    13:25:00.0781 0608 ComputerName: NED
    13:25:00.0781 0608 UserName: owner
    13:25:00.0781 0608 Windows directory: C:\Windows
    13:25:00.0781 0608 System windows directory: C:\Windows
    13:25:00.0781 0608 Running under WOW64
    13:25:00.0781 0608 Processor architecture: Intel x64
    13:25:00.0781 0608 Number of processors: 2
    13:25:00.0781 0608 Page size: 0x1000
    13:25:00.0782 0608 Boot type: Normal boot
    13:25:00.0782 0608 ============================================================
    13:25:01.0616 0608 Initialize success
    13:25:33.0324 0644 ============================================================
    13:25:33.0324 0644 Scan started
    13:25:33.0324 0644 Mode: Manual;
    13:25:33.0324 0644 ============================================================
    13:25:33.0640 0644 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
    13:25:33.0646 0644 ACPI - ok
    13:25:33.0719 0644 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    13:25:33.0794 0644 adp94xx - ok
    13:25:33.0851 0644 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    13:25:33.0884 0644 adpahci - ok
    13:25:33.0906 0644 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    13:25:33.0921 0644 adpu160m - ok
    13:25:33.0961 0644 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    13:25:33.0983 0644 adpu320 - ok
    13:25:34.0040 0644 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
    13:25:34.0078 0644 AFD - ok
    13:25:34.0172 0644 AgereSoftModem (55fcdb10e31c22eb67454aaef42b6725) C:\Windows\system32\DRIVERS\agrsm64.sys
    13:25:34.0247 0644 AgereSoftModem - ok
    13:25:34.0306 0644 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    13:25:34.0323 0644 agp440 - ok
    13:25:34.0384 0644 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    13:25:34.0400 0644 aic78xx - ok
    13:25:34.0454 0644 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
    13:25:34.0472 0644 aliide - ok
    13:25:34.0492 0644 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    13:25:34.0510 0644 amdide - ok
    13:25:34.0547 0644 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    13:25:34.0565 0644 AmdK8 - ok
    13:25:34.0653 0644 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    13:25:34.0668 0644 arc - ok
    13:25:34.0721 0644 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    13:25:34.0737 0644 arcsas - ok
    13:25:34.0800 0644 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:25:34.0813 0644 AsyncMac - ok
    13:25:34.0846 0644 atapi (b388797caab36d523840347cc6a39b96) C:\Windows\system32\drivers\atapi.sys
    13:25:34.0867 0644 atapi - ok
    13:25:34.0969 0644 AvgLdx64 (276c5b14336452c8ce547ed5d00e0e62) C:\Windows\System32\Drivers\avgldx64.sys
    13:25:35.0003 0644 AvgLdx64 - ok
    13:25:35.0033 0644 AvgMfx64 (b9c21c3753dcbccac6b62e1a560eb6f7) C:\Windows\System32\Drivers\avgmfx64.sys
    13:25:35.0051 0644 AvgMfx64 - ok
    13:25:35.0092 0644 AvgTdiA (86d08cf28005f7f626a84d512f84d6c2) C:\Windows\System32\Drivers\avgtdia.sys
    13:25:35.0136 0644 AvgTdiA - ok
    13:25:35.0207 0644 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    13:25:35.0220 0644 blbdrive - ok
    13:25:35.0252 0644 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
    13:25:35.0270 0644 bowser - ok
    13:25:35.0309 0644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    13:25:35.0321 0644 BrFiltLo - ok
    13:25:35.0345 0644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    13:25:35.0356 0644 BrFiltUp - ok
    13:25:35.0395 0644 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    13:25:35.0408 0644 Brserid - ok
    13:25:35.0442 0644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    13:25:35.0457 0644 BrSerWdm - ok
    13:25:35.0477 0644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    13:25:35.0492 0644 BrUsbMdm - ok
    13:25:35.0510 0644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    13:25:35.0526 0644 BrUsbSer - ok
    13:25:35.0571 0644 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    13:25:35.0585 0644 BTHMODEM - ok
    13:25:35.0641 0644 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    13:25:35.0643 0644 cdfs - ok
    13:25:35.0658 0644 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
    13:25:35.0672 0644 cdrom - ok
    13:25:35.0703 0644 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
    13:25:35.0717 0644 circlass - ok
    13:25:35.0756 0644 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
    13:25:35.0790 0644 CLFS - ok
    13:25:35.0851 0644 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
    13:25:35.0865 0644 CmBatt - ok
    13:25:35.0881 0644 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    13:25:35.0893 0644 cmdide - ok
    13:25:35.0918 0644 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    13:25:35.0931 0644 Compbatt - ok
    13:25:35.0977 0644 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    13:25:35.0991 0644 crcdisk - ok
    13:25:36.0066 0644 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
    13:25:36.0085 0644 DfsC - ok
    13:25:36.0117 0644 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
    13:25:36.0135 0644 disk - ok
    13:25:36.0225 0644 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    13:25:36.0235 0644 drmkaud - ok
    13:25:36.0274 0644 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
    13:25:36.0296 0644 DXGKrnl - ok
    13:25:36.0324 0644 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    13:25:36.0356 0644 E1G60 - ok
    13:25:36.0398 0644 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
    13:25:36.0421 0644 Ecache - ok
    13:25:36.0477 0644 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    13:25:36.0509 0644 elxstor - ok
    13:25:36.0566 0644 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    13:25:36.0580 0644 ErrDev - ok
    13:25:36.0656 0644 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
    13:25:36.0678 0644 exfat - ok
    13:25:36.0710 0644 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
    13:25:36.0733 0644 fastfat - ok
    13:25:36.0760 0644 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    13:25:36.0773 0644 fdc - ok
    13:25:36.0797 0644 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    13:25:36.0813 0644 FileInfo - ok
    13:25:36.0829 0644 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    13:25:36.0849 0644 Filetrace - ok
    13:25:36.0922 0644 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:25:36.0934 0644 flpydisk - ok
    13:25:36.0973 0644 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
    13:25:36.0978 0644 FltMgr - ok
    13:25:36.0994 0644 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
    13:25:37.0006 0644 Fs_Rec - ok
    13:25:37.0033 0644 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
    13:25:37.0046 0644 FwLnk - ok
    13:25:37.0070 0644 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    13:25:37.0088 0644 gagp30kx - ok
    13:25:37.0186 0644 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    13:25:37.0198 0644 GEARAspiWDM - ok
    13:25:37.0284 0644 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
    13:25:37.0306 0644 HdAudAddService - ok
    13:25:37.0332 0644 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:25:37.0333 0644 HDAudBus - ok
    13:25:37.0376 0644 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    13:25:37.0390 0644 HidBth - ok
    13:25:37.0425 0644 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
    13:25:37.0436 0644 HidIr - ok
    13:25:37.0488 0644 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
    13:25:37.0499 0644 HidUsb - ok
    13:25:37.0545 0644 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    13:25:37.0558 0644 HpCISSs - ok
    13:25:37.0619 0644 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    13:25:37.0642 0644 HSFHWAZL - ok
    13:25:37.0712 0644 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    13:25:37.0786 0644 HSF_DPV - ok
    13:25:37.0830 0644 HTTP (7c39506bc3be2b77b7671bb320fdb736) C:\Windows\system32\drivers\HTTP.sys
    13:25:37.0895 0644 HTTP - ok
    13:25:37.0924 0644 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    13:25:37.0937 0644 i2omp - ok
    13:25:37.0990 0644 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    13:25:38.0015 0644 i8042prt - ok
    13:25:38.0074 0644 iaStor (1adaa4f16073fd0c7270f451fd024e97) C:\Windows\system32\DRIVERS\iaStor.sys
    13:25:38.0078 0644 iaStor - ok
    13:25:38.0106 0644 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    13:25:38.0140 0644 iaStorV - ok
    13:25:38.0364 0644 igfx (8b7de1ea805335b1361d459acb4ece18) C:\Windows\system32\DRIVERS\igdkmd64.sys
    13:25:38.0690 0644 igfx - ok
    13:25:38.0771 0644 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    13:25:38.0789 0644 iirsp - ok
    13:25:38.0910 0644 IntcAzAudAddService (ce57d1a91272a35989837b868c8366df) C:\Windows\system32\drivers\RTKVHD64.sys
    13:25:39.0022 0644 IntcAzAudAddService - ok
    13:25:39.0075 0644 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
    13:25:39.0096 0644 IntcHdmiAddService - ok
    13:25:39.0137 0644 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
    13:25:39.0152 0644 intelide - ok
    13:25:39.0177 0644 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    13:25:39.0179 0644 intelppm - ok
    13:25:39.0215 0644 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:25:39.0235 0644 IpFilterDriver - ok
    13:25:39.0263 0644 IpInIp - ok
    13:25:39.0288 0644 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    13:25:39.0303 0644 IPMIDRV - ok
    13:25:39.0338 0644 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    13:25:39.0340 0644 IPNAT - ok
    13:25:39.0388 0644 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    13:25:39.0401 0644 IRENUM - ok
    13:25:39.0431 0644 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    13:25:39.0444 0644 isapnp - ok
    13:25:39.0475 0644 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
    13:25:39.0479 0644 iScsiPrt - ok
    13:25:39.0517 0644 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    13:25:39.0529 0644 iteatapi - ok
    13:25:39.0563 0644 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    13:25:39.0577 0644 iteraid - ok
    13:25:39.0605 0644 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    13:25:39.0621 0644 kbdclass - ok
    13:25:39.0644 0644 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
    13:25:39.0655 0644 kbdhid - ok
    13:25:39.0689 0644 KSecDD (a6f636c447cf3def5f50018f0c0e1aae) C:\Windows\system32\Drivers\ksecdd.sys
    13:25:39.0730 0644 KSecDD - ok
    13:25:39.0746 0644 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    13:25:39.0759 0644 ksthunk - ok
    13:25:39.0819 0644 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    13:25:39.0832 0644 lltdio - ok
    13:25:39.0869 0644 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    13:25:39.0882 0644 LSI_FC - ok
    13:25:39.0905 0644 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    13:25:39.0920 0644 LSI_SAS - ok
    13:25:39.0943 0644 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    13:25:39.0962 0644 LSI_SCSI - ok
    13:25:39.0987 0644 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    13:25:40.0020 0644 luafv - ok
    13:25:40.0057 0644 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    13:25:40.0073 0644 megasas - ok
    13:25:40.0113 0644 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    13:25:40.0146 0644 MegaSR - ok
    13:25:40.0170 0644 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    13:25:40.0172 0644 Modem - ok
    13:25:40.0192 0644 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    13:25:40.0194 0644 monitor - ok
    13:25:40.0208 0644 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    13:25:40.0225 0644 mouclass - ok
    13:25:40.0284 0644 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    13:25:40.0296 0644 mouhid - ok
    13:25:40.0321 0644 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    13:25:40.0335 0644 MountMgr - ok
    13:25:40.0369 0644 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    13:25:40.0385 0644 mpio - ok
    13:25:40.0408 0644 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    13:25:40.0424 0644 mpsdrv - ok
    13:25:40.0451 0644 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    13:25:40.0494 0644 Mraid35x - ok
    13:25:40.0509 0644 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
    13:25:40.0535 0644 MRxDAV - ok
    13:25:40.0556 0644 mrxsmb (8e01ed1d845b0dac094a9be50d426187) C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:25:40.0578 0644 mrxsmb - ok
    13:25:40.0590 0644 mrxsmb10 (fbe643c568f40e6cc386e549013aec99) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:25:40.0616 0644 mrxsmb10 - ok
    13:25:40.0628 0644 mrxsmb20 (168da84ebf8afbc6e8f8ee229cc6dc9f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:25:40.0648 0644 mrxsmb20 - ok
    13:25:40.0671 0644 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys
    13:25:40.0689 0644 msahci - ok
    13:25:40.0725 0644 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    13:25:40.0740 0644 msdsm - ok
    13:25:40.0755 0644 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    13:25:40.0772 0644 Msfs - ok
    13:25:40.0798 0644 msisadrv (e7204a02a42fc331e9ca9d9521105b14) C:\Windows\system32\drivers\msisadrv.sys
    13:25:40.0811 0644 msisadrv - ok
    13:25:40.0863 0644 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    13:25:40.0875 0644 MSKSSRV - ok
    13:25:40.0893 0644 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    13:25:40.0915 0644 MSPCLOCK - ok
    13:25:40.0937 0644 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    13:25:40.0950 0644 MSPQM - ok
    13:25:40.0976 0644 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
    13:25:40.0998 0644 MsRPC - ok
    13:25:41.0020 0644 mssmbios (c68739cfa09401233c72b1047dbf0008) C:\Windows\system32\DRIVERS\mssmbios.sys
    13:25:41.0022 0644 mssmbios - ok
    13:25:41.0045 0644 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    13:25:41.0059 0644 MSTEE - ok
    13:25:41.0083 0644 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
    13:25:41.0101 0644 Mup - ok
    13:25:41.0146 0644 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
    13:25:41.0177 0644 NativeWifiP - ok
    13:25:41.0235 0644 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
    13:25:41.0255 0644 NDIS - ok
    13:25:41.0280 0644 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    13:25:41.0292 0644 NdisTapi - ok
    13:25:41.0314 0644 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    13:25:41.0325 0644 Ndisuio - ok
    13:25:41.0367 0644 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
    13:25:41.0401 0644 NdisWan - ok
    13:25:41.0430 0644 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    13:25:41.0445 0644 NDProxy - ok
    13:25:41.0498 0644 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    13:25:41.0515 0644 NetBIOS - ok
    13:25:41.0568 0644 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
    13:25:41.0624 0644 netbt - ok
    13:25:41.0798 0644 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
    13:25:41.0991 0644 NETw5v64 - ok
    13:25:42.0035 0644 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    13:25:42.0050 0644 nfrd960 - ok
    13:25:42.0101 0644 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
    13:25:42.0125 0644 Npfs - ok
    13:25:42.0148 0644 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    13:25:42.0161 0644 nsiproxy - ok
    13:25:42.0212 0644 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
    13:25:42.0276 0644 Ntfs - ok
    13:25:42.0302 0644 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    13:25:42.0315 0644 Null - ok
    13:25:42.0358 0644 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    13:25:42.0377 0644 nvraid - ok
    13:25:42.0399 0644 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    13:25:42.0412 0644 nvstor - ok
    13:25:42.0453 0644 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    13:25:42.0471 0644 nv_agp - ok
    13:25:42.0481 0644 NwlnkFlt - ok
    13:25:42.0496 0644 NwlnkFwd - ok
    13:25:42.0543 0644 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
    13:25:42.0562 0644 ohci1394 - ok
    13:25:42.0615 0644 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    13:25:42.0631 0644 Parport - ok
    13:25:42.0651 0644 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
    13:25:42.0666 0644 partmgr - ok
    13:25:42.0682 0644 pci (7a3dc4201208437d7d5c426789e92054) C:\Windows\system32\drivers\pci.sys
    13:25:42.0699 0644 pci - ok
    13:25:42.0718 0644 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
    13:25:42.0730 0644 pciide - ok
    13:25:42.0753 0644 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    13:25:42.0809 0644 pcmcia - ok
    13:25:42.0858 0644 PCTCore (54e013b6d55b81c0aa1ebea80ff42383) C:\Windows\system32\drivers\PCTCore64.sys
    13:25:42.0881 0644 PCTCore - ok
    13:25:42.0915 0644 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
    13:25:42.0952 0644 pctDS - ok
    13:25:42.0989 0644 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    13:25:43.0023 0644 PEAUTH - ok
    13:25:43.0075 0644 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
    13:25:43.0091 0644 PGEffect - ok
    13:25:43.0161 0644 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
    13:25:43.0179 0644 PptpMiniport - ok
    13:25:43.0203 0644 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    13:25:43.0230 0644 Processor - ok
    13:25:43.0270 0644 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
    13:25:43.0285 0644 PSched - ok
    13:25:43.0336 0644 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    13:25:43.0386 0644 ql2300 - ok
    13:25:43.0420 0644 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    13:25:43.0446 0644 ql40xx - ok
    13:25:43.0474 0644 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    13:25:43.0488 0644 QWAVEdrv - ok
    13:25:43.0649 0644 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
    13:25:43.0654 0644 RapportCerberus_34302 - ok
    13:25:43.0866 0644 RapportEI64 (c3c5f9517aac5848ffb7f66040780c3c) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
    13:25:43.0869 0644 RapportEI64 - ok
    13:25:43.0984 0644 RapportKE64 (f6cd072af2e424cd4ff82194e36a6f3c) C:\Windows\system32\Drivers\RapportKE64.sys
    13:25:43.0999 0644 RapportKE64 - ok
    13:25:44.0053 0644 RapportPG64 (819e5a7e3729273c252ae35f9e5e0bc8) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
    13:25:44.0056 0644 RapportPG64 - ok
    13:25:44.0092 0644 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    13:25:44.0109 0644 RasAcd - ok
    13:25:44.0149 0644 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:25:44.0171 0644 Rasl2tp - ok
    13:25:44.0205 0644 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:25:44.0224 0644 RasPppoe - ok
    13:25:44.0236 0644 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
    13:25:44.0256 0644 RasSstp - ok
    13:25:44.0278 0644 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
    13:25:44.0311 0644 rdbss - ok
    13:25:44.0349 0644 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:25:44.0362 0644 RDPCDD - ok
    13:25:44.0392 0644 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    13:25:44.0423 0644 rdpdr - ok
    13:25:44.0433 0644 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    13:25:44.0447 0644 RDPENCDD - ok
    13:25:44.0488 0644 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
    13:25:44.0521 0644 RDPWD - ok
    13:25:44.0587 0644 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
    13:25:44.0601 0644 rimspci - ok
    13:25:44.0627 0644 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
    13:25:44.0640 0644 rixdpcie - ok
    13:25:44.0668 0644 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    13:25:44.0683 0644 rspndr - ok
    13:25:44.0733 0644 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
    13:25:44.0756 0644 RTL8169 - ok
    13:25:44.0795 0644 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    13:25:44.0810 0644 sbp2port - ok
    13:25:44.0840 0644 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
    13:25:44.0857 0644 sdbus - ok
    13:25:44.0884 0644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    13:25:44.0896 0644 secdrv - ok
    13:25:44.0934 0644 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    13:25:44.0947 0644 Serenum - ok
    13:25:44.0973 0644 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    13:25:44.0999 0644 Serial - ok
    13:25:45.0033 0644 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    13:25:45.0045 0644 sermouse - ok
    13:25:45.0085 0644 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    13:25:45.0097 0644 sffdisk - ok
    13:25:45.0114 0644 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    13:25:45.0127 0644 sffp_mmc - ok
    13:25:45.0142 0644 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    13:25:45.0155 0644 sffp_sd - ok
    13:25:45.0179 0644 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    13:25:45.0191 0644 sfloppy - ok
    13:25:45.0230 0644 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    13:25:45.0246 0644 SiSRaid2 - ok
    13:25:45.0280 0644 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    13:25:45.0297 0644 SiSRaid4 - ok
    13:25:45.0328 0644 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
    13:25:45.0346 0644 Smb - ok
    13:25:45.0369 0644 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
    13:25:45.0386 0644 spldr - ok
    13:25:45.0422 0644 srv (fc9862dc5e67a6eb31e75feb43c64916) C:\Windows\system32\DRIVERS\srv.sys
    13:25:45.0456 0644 srv - ok
    13:25:45.0471 0644 srv2 (68dcd148225f40ef1cdf6cfc115cb6fe) C:\Windows\system32\DRIVERS\srv2.sys
    13:25:45.0492 0644 srv2 - ok
    13:25:45.0504 0644 srvnet (4d0858b640cdbcba671c5439a8ef45cb) C:\Windows\system32\DRIVERS\srvnet.sys
    13:25:45.0528 0644 srvnet - ok
    13:25:45.0562 0644 swenum (409f0882afbb34832b24370c23c550b2) C:\Windows\system32\DRIVERS\swenum.sys
    13:25:45.0574 0644 swenum - ok
    13:25:45.0603 0644 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    13:25:45.0616 0644 Symc8xx - ok
    13:25:45.0638 0644 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    13:25:45.0650 0644 Sym_hi - ok
    13:25:45.0678 0644 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    13:25:45.0691 0644 Sym_u3 - ok
    13:25:45.0743 0644 SynTP (6de6d25cc1d1cb694a1cc3e4604db644) C:\Windows\system32\DRIVERS\SynTP.sys
    13:25:45.0765 0644 SynTP - ok
    13:25:45.0821 0644 Tcpip (8e041924441ff8755e5b4f135c8c3767) C:\Windows\system32\drivers\tcpip.sys
    13:25:45.0911 0644 Tcpip - ok
    13:25:48.0959 0644 ============================================================
    13:25:48.0959 0644 Scan finished
    13:25:48.0959 0644 ============================================================
    13:25:48.0982 3928 Detected object count: 0
    13:25:48.0982 3928 Actual detected object count: 0
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run rKill one more time and then see if you can update and run Malwarebytes.
     
  7. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    MBAM log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8388

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    12/17/2011 3:33:20 PM
    mbam-log-2011-12-17 (15-33-20).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 342254
    Time elapsed: 1 hour(s), 6 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\owner\AppData\Local\Temp\opre0.5369636600064391.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
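
The Registry Data Items block above is the trace of a StartMenuInternet hijack: each browser's shell\open\command default value was rewritten so that lsk.exe under the user profile runs first and is handed the real browser path as its argument. As an added example, not code from this thread or from Malwarebytes, the Python below parses entry lines in that log layout, pulls out the injected launcher and the browser it wraps, notes whether the launcher sits under AppData, and cross-checks the parsed entries against the count in the summary header; the sample log is constructed from the lines in this post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.51 log,
# built from the entries shown in this post (not a file produced by the tool).
SAMPLE_LOG = r"""Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\owner\AppData\Local\Temp\opre0.5369636600064391.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
"""

# One "Registry Data Items Infected" entry has the shape:
#   <key> (<detection>) -> Bad: (<command>) Good: (<command>) -> <action>
ENTRY_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\\S+) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)
# Windows command line tokens: a double-quoted run or a bare word.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
# Browser executable the StartMenuInternet key is registered for.
BROWSER_RE = re.compile(r"\\StartMenuInternet\\([^\\]+)\\", re.IGNORECASE)


@dataclass
class RegistryFinding:
    key: str
    detection: str
    bad: str
    good: str
    action: str


def parse_registry_findings(log_text: str) -> List[RegistryFinding]:
    """Return every registry entry line the log reports, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            findings.append(RegistryFinding(**m.groupdict()))
    return findings


def declared_count(log_text: str, section: str) -> Optional[int]:
    """Count printed in the summary header, e.g. 'Registry Data Items Infected: 3'."""
    m = re.search(r"^%s: (\d+)$" % re.escape(section), log_text, re.MULTILINE)
    return int(m.group(1)) if m else None


def split_command(cmd: str) -> List[str]:
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]


def analyze_finding(f: RegistryFinding) -> Dict[str, object]:
    """Pull the injected launcher and the browser it wraps out of the Bad: command."""
    m = BROWSER_RE.search(f.key)
    expected = m.group(1).lower() if m else ""
    bad = split_command(f.bad)
    launcher = bad[0] if bad else ""
    launcher_name = launcher.rsplit("\\", 1)[-1].lower()
    # The real browser is passed on as an argument of the launcher.
    wrapped = [t for t in bad[1:] if t.lower().endswith(expected)]
    good = split_command(f.good)
    return {
        "key": f.key,
        "expected": expected,
        "launcher": launcher,
        "wrapped_target": wrapped[0] if wrapped else None,
        "in_user_profile": "\\appdata\\" in launcher.lower(),
        "is_hijack": bool(expected) and launcher_name != expected and bool(wrapped),
        "good_restores_browser": bool(good) and good[0].lower() == expected,
    }


def report(log_text: str) -> List[Dict[str, object]]:
    return [analyze_finding(f) for f in parse_registry_findings(log_text)]


if __name__ == "__main__":
    findings = parse_registry_findings(SAMPLE_LOG)
    print("declared:", declared_count(SAMPLE_LOG, "Registry Data Items Infected"),
          "parsed:", len(findings))
    for r in report(SAMPLE_LOG):
        print(r["expected"], "<-", r["launcher"], "wraps", r["wrapped_target"],
              "HIJACK" if r["is_hijack"] else "ok")
```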
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very good :)

    Please, download DDS from one of the 2 mirrors and save it to your desktop.

    Mirror 1
    Mirror 2

    * Disable any script blocking protection (if present)
    * Double click the dds icon to run the tool.
    * When done, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    * Save both reports to your desktop by clicking File>Save As in each log.

    Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.

    ============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  9. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    DDS log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8388

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    12/17/2011 3:33:20 PM
    mbam-log-2011-12-17 (15-33-20).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 342254
    Time elapsed: 1 hour(s), 6 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\owner\AppData\Local\lsk.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\owner\AppData\Local\Temp\opre0.5369636600064391.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
     
  10. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    DDS log 2

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/2/2009 5:27:58 AM
    System Uptime: 12/17/2011 3:38:52 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 196.314 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP183: 5/28/2011 9:18:53 AM - Scheduled Checkpoint
    RP184: 5/30/2011 8:33:25 PM - Scheduled Checkpoint
    RP185: 6/30/2011 9:17:04 AM - Installed Windows Media Player Firefox Plugin
    RP186: 6/30/2011 5:20:12 PM - Windows Update
    RP187: 7/5/2011 9:11:15 AM - Scheduled Checkpoint
    RP188: 7/17/2011 9:09:23 AM - Scheduled Checkpoint
    RP189: 7/20/2011 8:36:02 PM - Scheduled Checkpoint
    RP190: 8/4/2011 6:31:18 PM - Scheduled Checkpoint
    RP191: 8/13/2011 1:53:55 PM - Scheduled Checkpoint
    RP192: 8/18/2011 10:29:02 PM - Removed iTunes
    RP193: 8/27/2011 9:46:35 AM - Scheduled Checkpoint
    RP194: 9/21/2011 8:14:21 AM - Scheduled Checkpoint
    RP195: 10/6/2011 12:48:59 PM - Scheduled Checkpoint
    RP196: 11/25/2011 6:07:11 PM - Scheduled Checkpoint
    RP197: 11/28/2011 12:40:37 PM - Installed Rapport
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.4.6
    Amazon Kindle For PC v1.0
    Amazon Links
    Apple Application Support
    Apple Software Update
    Audacity 1.3.13 (Unicode)
    AVG Free 8.5
    Compatibility Pack for the 2007 Office system
    CyberLink PowerCinema for TOSHIBA
    Direct DiscRecorder
    DVD MovieFactory for TOSHIBA
    FlipShare
    FoxTab PDF Creator
    Full Tilt Poker
    Geek Squad 24 Hour Computer Support
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP Product Detection
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    LightScribe 1.4.124.1
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB941833)
    OpenOffice.org 3.3
    Palm Desktop
    Picasa 3
    PokerStove version 1.23
    PokerTracker 3 (remove only)
    PostgreSQL 8.3
    QuickBooks Financial Center
    QuickTime
    Rapport
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    RICOH R5U230 Media Driver ver.2.02.02.01
    Safari
    Skype Launcher
    Spyware Doctor 8.0
    TOSHIBA Agreement Notification Utility
    Toshiba Application Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Internal Modem Region Select Utility
    Toshiba Quality Application
    Toshiba Registration
    Toshiba Resources Page
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TweetDeck
    Update for Office 2007 (KB946691)
    Visual C++ 8.0 Runtime Setup Package (x64)
    WebEx
    WildTangent Games
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/17/2011 3:43:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12/17/2011 3:43:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/17/2011 12:27:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC NetBIOS netbt nsiproxy PSched RapportKE64 RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
    12/16/2011 11:18:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    12/16/2011 11:18:15 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/15/2011 4:02:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RapportKE64 spldr
    12/15/2011 4:01:53 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
    12/15/2011 4:01:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    12/15/2011 4:01:53 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    12/15/2011 12:39:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    12/15/2011 12:38:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    12/15/2011 12:37:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 RapportKE64 spldr Wanarpv6
    12/15/2011 12:37:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 12:36:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/15/2011 12:36:11 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    12/15/2011 12:36:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/15/2011 12:36:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/15/2011 12:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/15/2011 1:20:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user NED\owner SID (S-1-5-21-232412378-3118420049-1387226345-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC NetBIOS netbt nsiproxy PSched RapportKE64 RasAcd rdbss Smb spldr tdx Wanarpv6
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/15/2011 1:10:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/15/2011 1:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/15/2011 1:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/14/2011 9:31:15 PM, Error: netbt [4321] - The name "NED :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
    12/14/2011 9:31:12 PM, Error: netbt [4321] - The name "NED :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
    12/14/2011 6:39:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/14/2011 12:08:24 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Bill Pay | Confirm Payments, owned by owner, failed to print on printer hp officejet 6100 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\NED. Win32 error code returned by the print processor: 2250. This network connection does not exist.
    12/14/2011 10:19:57 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/13/2011 8:35:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/11/2011 7:42:21 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Full page photo, owned by owner, failed to print on printer hp officejet 6100 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 28062864. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\NED. Win32 error code returned by the print processor: 2250. This network connection does not exist.
    12/11/2011 7:22:57 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6CDA61DC-6312-447C-BCBC-6270408EB988} because another computer on the network has the same name. The server could not start.
    12/11/2011 7:22:57 PM, Error: netbt [4321] - The name "NED :20" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
    12/11/2011 7:22:57 PM, Error: netbt [4321] - The name "NED :0" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 169.254.204.121 did not allow the name to be claimed by this computer.
    12/10/2011 9:32:56 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/10/2011 8:33:03 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    12/10/2011 5:54:15 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Test Page, owned by owner, failed to print on printer hp officejet 6100 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 104348. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\NED. Win32 error code returned by the print processor: 2250. This network connection does not exist.
    .
    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still need DDS.txt and aswMBR logs.
     
  12. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    aswMBR log

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-17 17:40:20
    -----------------------------
    17:40:20.869 OS Version: Windows x64 6.0.6001 Service Pack 1
    17:40:20.869 Number of processors: 2 586 0x170A
    17:40:20.870 ComputerName: NED UserName:
    17:40:23.876 Initialize success
    17:43:10.691 AVAST engine defs: 11121702
    17:43:29.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:43:29.814 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
    17:43:29.829 Disk 0 MBR read successfully
    17:43:29.832 Disk 0 MBR scan
    17:43:29.910 Disk 0 Windows VISTA default MBR code
    17:43:29.914 Service scanning
    17:43:31.580 Modules scanning
    17:43:31.585 Disk 0 trace - called modules:
    17:43:31.595 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys PCTCore64.sys iaStor.sys hal.dll
    17:43:31.599 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cec060]
    17:43:31.602 3 CLASSPNP.SYS[fffffa60014fdb3a] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006b37280]
    17:43:31.605 5 thpdrv.sys[fffffa6001486c8d] -> nt!IofCallDriver -> [0xfffffa8006a32190]
    17:43:31.609 7 PCTCore64.sys[fffffa6000b75094] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bc7050]
    17:43:32.940 AVAST engine scan C:\Windows
    17:43:37.420 AVAST engine scan C:\Windows\system32
    17:46:34.697 AVAST engine scan C:\Windows\system32\drivers
    17:46:57.344 AVAST engine scan C:\Users\owner
    17:47:43.327 File: C:\Users\owner\AppData\Local\lsk.exe **INFECTED** Win32:FakeAV-CRG [Trj]
    17:49:47.792 Disk 0 MBR has been saved successfully to "C:\Users\owner\Documents\MBR.dat"
    17:49:47.799 The log file has been saved successfully to "C:\Users\owner\Documents\aswMBR.txt"
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You posted Attach.txt for the second time.
    I need DDS.txt log.
    Please pay attention.
     
  14. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    DDS text (I believe)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
    Run by owner at 17:59:13 on 2011-12-17
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.1455 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Prey\platform\windows\cronsvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\PROGRA~2\AVG\AVG8\avgrsa.exe
    C:\PROGRA~2\AVG\AVG8\avgnsa.exe
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
    C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Windows\system32\ThpSrv.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~2\AVG\AVG8\avgemc.exe
    C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\palmOne\HOTSYNC.EXE
    C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\splwow64.exe
    C:\Users\owner\Downloads\aswMBR.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
    mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
    mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
    mRun: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
    mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\palmOne\HOTSYNC.EXE
    StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
    mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
    mRun-x64: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun-x64: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
    mRun-x64: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
    mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111109&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
    FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
    FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
    R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-10-5 908056]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-10-5 297752]
    R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-6-2 20544]
    R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
    R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-9-19 65536]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
    R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
    R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-12-15 366840]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-12-15 1150936]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
    R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-10 855904]
    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-26 167264]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-17 21:14:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-15 21:55:27 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
    2011-12-15 21:55:27 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
    2011-12-15 21:55:26 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2011-12-15 21:55:26 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2011-12-15 21:55:25 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2011-12-15 21:55:22 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2011-12-15 21:55:18 -------- d-----w- C:\Users\owner\AppData\Roaming\PC Tools
    2011-12-15 21:55:18 -------- d-----w- C:\Program Files (x86)\PC Tools Security
    2011-12-15 21:55:18 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2011-12-15 21:44:35 -------- d-----w- C:\ProgramData\PC Tools
    2011-12-10 16:56:18 -------- d-----w- C:\ProgramData\AVG Secure Search
    2011-12-10 16:56:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2011-12-10 16:56:16 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2011-12-10 16:56:12 -------- d--h--w- C:\ProgramData\Common Files
    2011-11-28 20:41:44 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2011-11-28 20:41:21 -------- d-----w- C:\Users\owner\AppData\Local\Trusteer
    2011-11-28 20:41:05 -------- d-----w- C:\Program Files (x86)\Trusteer
    2011-11-28 20:38:20 -------- d-----w- C:\ProgramData\Trusteer
    .
    ==================== Find3M ====================
    .
    2011-12-18 01:59:32 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
    .
    ============= FINISH: 18:00:33.31 ===============
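    An added triage example, not part of this thread and not code from DDS, ComboFix or any other tool named above. The DDS log in the post above enumerates every autostart and service on the machine, and the aswMBR log earlier flagged the rogue at C:\Users\owner\AppData\Local\lsk.exe as Win32:FakeAV-CRG. When a helper reads a DDS log, three things get checked first: binaries launched from user-writable folders (AppData, Temp), orphaned autostart entries ("No File"), and services or drivers DDS could not read ("[?]"). The Python below applies those three checks to constructed sample lines written in DDS format. The "[lsk]" Run entry is hypothetical (the posted DDS log contains no such key); the user-writable-path rule and the reason labels are assumptions of this example, not DDS features.

```python
"""Autostart triage over DDS-format log lines.

Added example for this thread; it is not part of the DDS tool, ComboFix or
any post above. It reads lines in the shape DDS prints in its "Pseudo HJT
Report" and "SERVICES / DRIVERS" sections and flags the entries a
malware-removal helper looks at first:

  * autostarts (uRun/mRun/BHO/TB/StartupFolder) whose binary lives in a
    user-writable location such as AppData\\Local or Temp;
  * autostarts whose target is gone ("No File");
  * services/drivers DDS could not read ("--> path [?]").
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in DDS format. Most lines mirror the posted log; the
# "[lsk]" Run entry is hypothetical and stands in for the FakeAV dropper that
# aswMBR flagged at C:\Users\owner\AppData\Local\lsk.exe.
SAMPLE_DDS = r"""
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [lsk] C:\Users\owner\AppData\Local\lsk.exe
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
"""

# DDS autostart line: prefix, colon, then the entry body.
AUTORUN = re.compile(
    r"^(?:[um]Run(?:-x64)?|StartupFolder|BHO(?:-X64)?|TB(?:-X64)?):\s*(?P<body>.*)$"
)
# DDS service/driver line: R0..R3 (running) or S0..S3 (stopped), then
# name;description;path [date size]  or  path --> path [?]
SERVICE = re.compile(r"^[RS][0-4]\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
# A drive-letter path up to a binary extension; stops at quotes or '[' so the
# trailing "[date size]" / "[?]" tag is never swallowed into the path.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[]+?\.(?:exe|dll|sys|scr|bat|cmd)\b', re.IGNORECASE)
# Directories any interactive user can write to; legitimate autostarts rarely
# live there (assumption of this example, tune to taste).
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\(?:Local|LocalLow|Roaming)|Temp|Local Settings|Application Data)\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    reason: str   # "user-writable path" | "missing target" | "unverified driver"
    entry: str    # the DDS line that triggered the finding


def _writable_binary(text: str) -> bool:
    """True if the first binary path in `text` sits in a user-writable directory."""
    m = WIN_PATH.search(text)
    return bool(m and USER_WRITABLE.search(m.group(0)))


def triage(dds_text: str) -> list[Finding]:
    """Return the DDS entries that deserve a closer look, in log order."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if (m := AUTORUN.match(line)):
            body = m.group("body")
            if body.endswith("No File"):
                findings.append(Finding("missing target", line))
            elif _writable_binary(body):
                findings.append(Finding("user-writable path", line))
        elif (m := SERVICE.match(line)):
            rest = m.group("rest")
            if rest.endswith("[?]"):
                findings.append(Finding("unverified driver", line))
            elif _writable_binary(rest):
                findings.append(Finding("user-writable path", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, e.g. {'missing target': 2, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS)
    for f in hits:
        print(f"[{f.reason}] {f.entry}")
    print(summarize(hits))
```

    Run it as-is to print the flagged sample entries with their reason, or pass the contents of a saved DDS.txt to triage(). Every hit is a prompt to look at the file, not a verdict: a per-user Google Update install also lives under AppData\Local and would be flagged, and in the posted log every R0 driver shows "[?]", TOSHIBA's included, which in DDS means the tool could not read the file's date and size, not that the file is malicious.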
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    ComboFix log

    ComboFix 11-12-17.05 - owner 12/17/2011 18:44:27.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.2626 [GMT -8:00]
    Running from: c:\users\owner\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\owner\AppData\Roaming\Microsoft\Windows\Recent\chdppin1108(1).url
    c:\users\owner\AppData\Roaming\Microsoft\Windows\Recent\chdppin1108(2).url
    c:\users\owner\AppData\Roaming\Microsoft\Windows\Recent\chdppin1108.url
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-17 21:14 . 2011-12-17 22:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-15 21:44 . 2011-12-18 02:37 -------- d-----w- c:\programdata\PC Tools
    2011-12-10 16:56 . 2011-12-10 16:56 -------- d--h--w- c:\programdata\Common Files
    2011-11-28 20:41 . 2011-11-08 05:28 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
    2011-11-28 20:41 . 2011-11-28 20:41 -------- d-----w- c:\users\owner\AppData\Local\Trusteer
    2011-11-28 20:41 . 2011-11-28 20:41 -------- d-----w- c:\program files (x86)\Trusteer
    2011-11-28 20:38 . 2011-11-28 20:38 -------- d-----w- c:\programdata\Trusteer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-18 02:57 . 2011-05-14 18:54 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
    "TANU"="c:\program files (x86)\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
    "PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2009-02-17 143360]
    "CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2009-02-17 196608]
    "NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
    "cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    .
    c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-4-13 299008]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 133104]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712]
    S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
    S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-07 36864]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
    S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
    S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
    S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]
    S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 17:35]
    .
    2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-28 17:35]
    .
    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000Core.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 16:04]
    .
    2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000UA.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 16:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 153624]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 225816]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 200216]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-13 7220768]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-13 1833504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1713448]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1123840]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111109&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.9"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\sysWOW64\\macromed\\flash\\Flash9f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\sysWOW64\\macromed\\flash\\FlashUtil9f.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\Windows\\sysWOW64\\macromed\\flash\\FlashUtil9f.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-17 19:03:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-18 03:03
    .
    Pre-Run: 217,033,875,456 bytes free
    Post-Run: 217,825,894,400 bytes free
    .
    - - End Of File - - 4265A1BB2B8D858B6074D3094D7D9ECE
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is the computer doing?

    You can reinstall AVG now.

    Then....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
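The custom-scan list above is, in effect, a checklist of places malware likes to hide: directories that do not exist on a clean Windows install (system32\system32, winn32, Rundll32, Java under %SystemRoot%), renamed binaries parked under odd extensions in system32 (*._sy, *.tro, *.quo), executables whose names contain a space, and the Windows Update policy and last-success keys that rogue software tampers with to keep a box unpatched. The read-only PowerShell sweep below is an added example (my own code, not OTL's and not part of the original thread) that reproduces a handful of those checks so a practitioner can see what the list is probing for. The set of directories and extensions is a subset I picked from the list; it needs an elevated prompt and PowerShell 4 or later (for Get-FileHash), so it targets a current Windows box rather than the Vista machine in this thread, and it never deletes or modifies anything.

```powershell
# Added example: a read-only sweep over a few of the locations in the OTL
# custom-scan list. Not OTL, not from the thread; run elevated on PowerShell 4+.

# Directories absent on a clean install (subset chosen from the scan list);
# any file found here deserves a look.
$suspectDirs = @(
    "$env:SystemRoot\system32\system32",
    "$env:SystemRoot\system32\systhem32",
    "$env:SystemRoot\system32\Rundll32",
    "$env:SystemRoot\system32\rundll",
    "$env:SystemRoot\winn32",
    "$env:SystemRoot\Java",
    "$env:SystemRoot\install",
    "$env:APPDATA\Update",
    "$env:APPDATA\Microsoft\Installer\msupdates"
)

# Extensions used to stash renamed drivers/executables inside system32.
$oddExtensions = @('*._sy', '*.tro', '*.quo', '*.bk', '*.te')

# The scan list counts .exe names containing a space under these two roots.
$spaceNameDirs = @("$env:SystemRoot", "$env:SystemRoot\system32")

function Get-SuspectFiles {
    $hits = @()
    foreach ($d in $suspectDirs) {
        if (Test-Path -LiteralPath $d) {
            $hits += @(Get-ChildItem -LiteralPath $d -Force -File -ErrorAction SilentlyContinue)
        }
    }
    foreach ($pattern in $oddExtensions) {
        $hits += @(Get-ChildItem -Path "$env:SystemRoot\system32" -Filter $pattern -Force -File -ErrorAction SilentlyContinue)
    }
    $hits | Sort-Object FullName -Unique
}

function Get-SpacedExeCount {
    foreach ($d in $spaceNameDirs) {
        $n = @(Get-ChildItem -Path $d -Filter '*.exe' -Force -File -ErrorAction SilentlyContinue |
               Where-Object { $_.Name -match ' ' }).Count
        [pscustomobject]@{ Directory = $d; ExeNamesWithSpace = $n }
    }
}

function Get-UpdateState {
    # Policy key: NoAutoUpdate=1 here silently turns automatic updates off.
    $auPolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    # LastSuccessTime tells you when the machine last actually installed updates.
    $install  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AUPolicyPresent = [bool]$auPolicy
        NoAutoUpdate    = if ($auPolicy) { $auPolicy.NoAutoUpdate } else { $null }
        LastSuccessTime = if ($install) { $install.LastSuccessTime } else { 'not recorded' }
    }
}

$files = Get-SuspectFiles
'== Files in locations that should be empty, or odd extensions in system32 =='
foreach ($f in $files) {
    # Size, timestamp, MD5 and signature status are what you would compare
    # against a known-good copy or a hash lookup before deciding anything.
    $sig = (Get-AuthenticodeSignature -FilePath $f.FullName).Status
    $md5 = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
    '{0}  {1,10} bytes  {2:yyyy-MM-dd}  MD5={3}  sig={4}' -f $f.FullName, $f.Length, $f.LastWriteTime, $md5, $sig
}
if (-not $files) { '(none found)' }
"`n== .exe names containing a space =="
Get-SpacedExeCount | Format-Table -AutoSize
"`n== Windows Update state =="
Get-UpdateState | Format-List
```

A hit in this sweep is a lead, not a verdict: a vendor does occasionally create one of these directories, and an unsigned file is only suspicious in context. The point of hashing and recording signature status is to have something concrete to check against a second source before anything is quarantined, which is exactly what the helper in this thread does with the log the user posts back.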
     
  18. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    OTL.Txt(partial)

    It's running fine.
    Thanks for your help.
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.26% Memory free
    7.94 Gb Paging File | 6.03 Gb Available in Paging File | 75.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.38 Gb Total Space | 201.86 Gb Free Space | 70.49% Space Free | Partition Type: NTFS

    Computer Name: NED | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/18 11:32:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
    PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    PRC - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/10/29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/04/16 17:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    PRC - [2009/04/16 17:42:54 | 002,513,472 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    PRC - [2009/03/30 15:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2009/03/28 11:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
    PRC - [2009/03/17 15:36:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2009/03/10 17:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/03/06 16:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    PRC - [2009/02/16 16:09:44 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/02/16 16:09:36 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    PRC - [2008/09/19 06:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    PRC - [2008/09/19 02:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files (x86)\palmOne\HOTSYNC.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/07 21:32:14 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/03/17 19:58:49 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/02/16 16:09:46 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/02/16 16:09:42 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/04/14 16:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2009/03/17 10:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/03/06 17:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/02/27 07:26:38 | 001,461,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2009/02/27 05:56:50 | 000,830,224 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/02/19 13:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
    SRV:64bit: - [2008/08/22 09:26:52 | 000,535,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2008/03/18 11:26:56 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/11/21 15:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
    SRV - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
    SRV - [2009/04/16 17:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
    SRV - [2009/03/30 15:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2009/03/06 16:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2008/11/03 15:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/09/19 02:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
    SRV - [2008/01/20 18:50:58 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/07 21:28:40 | 000,063,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2011/07/11 01:13:56 | 000,029,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV:64bit: - [2011/07/11 01:13:52 | 000,120,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/24 13:29:40 | 000,206,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2009/03/25 16:23:26 | 000,035,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2009/03/18 10:46:44 | 000,032,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
    DRV:64bit: - [2009/03/18 09:20:08 | 000,265,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/03/03 11:14:24 | 008,040,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/02/12 14:28:00 | 000,057,344 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/02/11 16:26:18 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/01/27 18:12:14 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2009/01/14 12:50:50 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2008/11/17 06:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/09/22 05:49:58 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/03/21 11:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/01/20 18:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/01/20 18:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
    DRV:64bit: - [2008/01/20 18:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
    DRV:64bit: - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/20 18:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007/12/11 13:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2007/11/09 13:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2007/09/04 09:29:04 | 000,014,872 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
    DRV:64bit: - [2006/11/19 21:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
    DRV - [2011/12/15 09:01:48 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
    DRV - [2011/11/07 21:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20111109
    IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.10
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111109&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/17 19:21:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/12 08:19:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/24 20:26:38 | 000,000,000 | ---D | M]

    [2009/10/05 11:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
    [2011/11/09 11:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\extensions
    [2011/11/09 11:39:33 | 000,001,945 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\searchplugins\bing-zugo.xml
    [2011/11/12 08:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/17 19:21:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
    [2011/11/12 08:19:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/10 08:56:16 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/11/12 08:19:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/11/12 08:19:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/12/17 18:57:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TANU] C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
    O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG8\Notification\SPChecker.exe" /start File not found
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.)
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\TOSHIBA-3.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
     
  19. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    OTL.Txt remainder

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/17 19:37:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/12/17 19:23:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\AVG2012
    [2011/12/17 19:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2011/12/17 19:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2011/12/17 19:20:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2011/12/17 19:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2011/12/17 19:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/12/17 19:03:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/12/17 18:40:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/12/17 18:40:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/12/17 18:40:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/12/17 18:40:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/12/17 18:27:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/17 13:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/17 13:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/12/15 13:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/12/10 08:56:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/11/28 12:41:21 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Trusteer
    [2011/11/28 12:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
    [2011/11/28 12:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
    [2011/11/28 12:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
    [2011/11/21 11:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    ========== Files - Modified Within 30 Days ==========

    [2011/12/18 11:39:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000UA.job
    [2011/12/18 11:30:47 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
    [2011/12/18 11:30:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/18 11:30:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/18 11:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/18 09:30:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/18 08:54:00 | 084,521,634 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2011/12/17 19:38:51 | 000,000,428 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2011/12/17 19:37:36 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/17 19:37:17 | 4156,542,976 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/17 19:21:17 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/12/17 19:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
    [2011/12/17 19:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
    [2011/12/17 18:57:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/12/17 18:46:33 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/12/17 18:46:33 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/12/17 18:46:33 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/12/17 18:39:37 | 000,000,868 | ---- | M] () -- C:\Users\owner\Desktop\ComboFix - Shortcut.lnk
    [2011/12/17 17:49:47 | 000,000,512 | ---- | M] () -- C:\Users\owner\Documents\MBR.dat
    [2011/12/17 13:14:11 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k
    [2011/12/17 13:02:23 | 000,009,890 | -HS- | M] () -- C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k
    [2011/12/17 12:53:29 | 000,001,460 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps64.dat
    [2011/12/15 13:44:01 | 000,512,992 | ---- | M] () -- C:\Users\owner\Desktop\sdsetup_revwire207.exe
    [2011/12/14 19:31:15 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/12/05 06:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000Core.job
    [2011/11/28 21:28:53 | 000,006,080 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
    [2011/11/28 11:52:35 | 000,000,933 | ---- | M] () -- C:\Users\owner\Desktop\Continue FoxTab PDF Creator Installation.lnk
    [2011/11/21 11:32:15 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

    ========== Files Created - No Company Name ==========

    [2011/12/18 08:54:00 | 084,521,634 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2011/12/17 19:21:17 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/12/17 18:40:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/12/17 18:40:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/12/17 18:40:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/12/17 18:40:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/12/17 18:40:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/17 18:39:37 | 000,000,868 | ---- | C] () -- C:\Users\owner\Desktop\ComboFix - Shortcut.lnk
    [2011/12/17 17:49:47 | 000,000,512 | ---- | C] () -- C:\Users\owner\Documents\MBR.dat
    [2011/12/17 13:14:11 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/17 13:00:52 | 4156,542,976 | -HS- | C] () -- C:\hiberfil.sys
    [2011/12/15 13:44:35 | 000,512,992 | ---- | C] () -- C:\Users\owner\Desktop\sdsetup_revwire207.exe
    [2011/12/15 11:26:04 | 000,009,890 | -HS- | C] () -- C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k
    [2011/12/15 11:26:04 | 000,009,890 | -HS- | C] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k
    [2011/11/28 12:41:44 | 000,063,760 | ---- | C] () -- C:\Windows\SysNative\drivers\RapportKE64.sys
    [2011/11/28 11:52:35 | 000,000,933 | ---- | C] () -- C:\Users\owner\Desktop\Continue FoxTab PDF Creator Installation.lnk
    [2011/11/21 11:32:15 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/11/09 11:39:37 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
    [2011/07/04 13:29:53 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
    [2010/10/27 08:20:33 | 000,006,080 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
    [2010/01/09 13:02:15 | 000,001,460 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps64.dat
    [2009/11/01 09:11:46 | 000,024,226 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
    [2009/10/24 11:15:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/10/22 08:09:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/10/21 11:34:04 | 000,000,804 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
    [2009/10/14 10:35:40 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
    [2009/10/10 18:46:13 | 000,025,088 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/05 11:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/06/26 08:42:28 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
    [2009/06/02 06:14:09 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2009/05/02 23:21:10 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
    [2009/05/02 23:21:10 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
    [2009/05/02 23:21:10 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
    [2009/05/02 23:21:10 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
    [2009/05/02 23:21:10 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
    [2009/05/02 23:21:10 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
    [2009/05/02 21:23:00 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/05/02 21:23:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/03/03 11:12:44 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/03/03 11:12:44 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
    [2009/03/03 11:12:42 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
    [2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/06/26 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Experience\AppData\Roaming\PowerCinema
    [2010/01/10 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Amazon
    [2011/09/21 11:24:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Audacity
    [2011/12/17 19:23:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AVG2012
    [2011/05/14 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/08/06 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Flip Video
    [2011/03/17 21:14:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
    [2009/11/01 09:11:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeerNetworking
    [2011/05/08 11:14:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PowerCinema
    [2009/10/21 11:34:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
    [2009/10/05 16:40:53 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TOSHIBA
    [2011/03/06 12:44:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2009/10/26 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
    [2009/06/26 08:41:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
    [2011/12/17 19:36:23 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/20 18:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2009/05/03 13:43:18 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/12/17 19:03:10 | 000,015,703 | ---- | M] () -- C:\ComboFix.txt
    [2009/10/04 12:26:10 | 000,000,122 | ---- | M] () -- C:\dfinstall.log
    [2011/12/17 19:37:17 | 4156,542,976 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/02 04:12:02 | 000,000,513 | -H-- | M] () -- C:\log.txt
    [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/12/17 19:37:16 | 175,165,439 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/17 13:11:48 | 000,000,478 | ---- | M] () -- C:\rkill.log
    [2011/12/17 13:25:49 | 000,071,762 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_17.12.2011_13.25.00_log.txt
    [2009/10/04 17:15:43 | 000,007,935 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 07:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 19:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/25 11:54:51 | 000,000,350 | -HS- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/15 13:44:01 | 000,512,992 | ---- | M] () -- C:\Users\owner\Desktop\sdsetup_revwire207.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/06/02 04:28:18 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2009/06/02 04:27:48 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2009/06/02 04:27:48 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/06/26 08:43:06 | 000,000,402 | -HS- | M] () -- C:\Users\owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/10/22 08:09:47 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2009/10/14 10:35:40 | 000,004,985 | ---- | M] () -- C:\ProgramData\ojvzdisj.xda
    [2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
     
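The OTL.txt posted above prints each file it finds as `[date | size | attributes | M] (company) -- path`, and closes with the alternate-data-stream section. The Python below is an added example for this thread, not OTL's own code and not something the helper asked for: it re-reads those lines and flags the entries an analyst would open first. The scoring rules (hidden+system attributes outside the usual Windows housekeeping names, no file extension, modification within a week of the scan, and every listed ADS), the allow-list, and the seven-day window are this example's assumptions, not OTL logic. The sample lines are copied from the log above; the scan date of 12/18/2011 is taken from the Extras.txt produced by the same OTL run.

```python
"""Triage the file and ADS lines OTL prints in its Custom Scans and Alternate
Data Streams sections.  Added example for this thread, not OTL's own code."""
import re
from datetime import datetime, timedelta
from typing import Iterable, List, NamedTuple, Optional

# One OTL file line: [yyyy/mm/dd hh:mm:ss | size | attrs | M] (company) -- path
FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# One OTL ADS line: @Alternate Data Stream - <n> bytes -> <path>:<stream>
ADS_RE = re.compile(r"@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Hidden+system files Windows itself leaves in profile folders (assumed allow-list).
HOUSEKEEPING = {"desktop.ini", "ntuser.pol", "ntuser.dat", "thumbs.db"}


class Finding(NamedTuple):
    path: str
    reasons: List[str]


def triage_line(line: str, as_of: datetime, recent_days: int) -> Optional[Finding]:
    """Return a Finding when the line deserves a look, else None."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        # Rule (assumption): every stream OTL chose to list gets reviewed.
        return Finding(m["path"], ["alternate data stream"])
    m = FILE_RE.match(line)
    if not m:
        return None  # section header such as "< %systemroot%\*.scr >", or blank
    path, attrs = m["path"], m["attrs"]
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if "H" in attrs and "S" in attrs and name.lower() not in HOUSEKEEPING:
        reasons.append("hidden+system attributes")
    if "D" not in attrs and "." not in name:
        reasons.append("no file extension")
    mtime = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
    if timedelta(0) <= as_of - mtime <= timedelta(days=recent_days):
        reasons.append(f"modified within {recent_days} days of the scan")
    return Finding(path, reasons) if reasons else None


def triage(lines: Iterable[str], as_of: datetime, recent_days: int = 7) -> List[Finding]:
    """Run triage_line over every line; headers and clean entries are dropped."""
    findings = []
    for line in lines:
        hit = triage_line(line, as_of, recent_days)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample: lines copied from the OTL.txt above (scan date 12/18/2011
# per the Extras.txt from the same run).
SAMPLE_LOG = r"""
    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/15 13:44:01 | 000,512,992 | ---- | M] () -- C:\Users\owner\Desktop\sdsetup_revwire207.exe

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/06/26 08:43:06 | 000,000,402 | -HS- | M] () -- C:\Users\owner\Favorites\desktop.ini

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/10/22 08:09:47 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2009/10/14 10:35:40 | 000,004,985 | ---- | M] () -- C:\ProgramData\ojvzdisj.xda
    [2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
"""


def triage_sample() -> List[Finding]:
    """Triage the embedded sample as of the 12/18/2011 scan date."""
    return triage(SAMPLE_LOG.splitlines(), as_of=datetime(2011, 12, 18), recent_days=7)


if __name__ == "__main__":
    for hit in triage_sample():
        print(f"{hit.path}\n    {', '.join(hit.reasons)}")
```

Run against the sample, the two `desktop.ini`/`ntuser.pol` entries drop out on the allow-list, the freshly downloaded installer is reported only as recent, and the extensionless hidden+system file in C:\ProgramData plus the ADS come out on top. To use it on a full log, pass the lines of OTL.txt to `triage()` with the date from the log header; the rules are deliberately loose, so treat the output as a reading order, not a verdict.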
  20. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    Extras.txt log

    OTL Extras logfile created on: 12/18/2011 11:36:02 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.26% Memory free
    7.94 Gb Paging File | 6.03 Gb Available in Paging File | 75.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.38 Gb Total Space | 201.86 Gb Free Space | 70.49% Space Free | Partition Type: NTFS

    Computer Name: NED | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{063EE8FC-B74D-4170-8DDD-6B3D38993DBC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0FA69C4A-3ECA-418C-BE6C-725F153D08BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{10976C4F-CD51-4401-BAFB-AE6F4462E643}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{187364E4-02DF-4997-80F1-0A225E6F4AD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{19ED0CFC-3310-46D7-9B9C-EC85D7D76C57}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{2129A3FB-EACC-46F5-B3DD-D3D77FBA5464}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2BD5649F-7CA2-4867-BC02-0A4543EB7CCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{36BD21CE-C719-4D76-8FD2-BD8041431D88}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
    "{5718F1CA-D416-465A-A6A0-2A3659DD44D1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{5C66C7DF-EA70-4A39-9E03-DED3DD7AC1BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{706FEE63-6CCA-42C5-96CA-9D3725BE1543}" = rport=139 | protocol=6 | dir=out | app=system |
    "{768D16AD-DD2D-4110-9ADB-BC451A7A76F0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7B9DC25A-36DB-4103-87A7-32C8194158D6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{82FC83E1-2D7F-40B8-BACB-3FAB65F53E94}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{88578612-FFCB-40BB-91F6-6EC00FCDF38B}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
    "{89E6B23D-0415-4C11-92CB-E802851581FD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9424844A-C502-4294-BEA0-357AD594E555}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9747837D-1451-4666-A9E7-67F1A303D74B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B4D79C52-A9D7-45FC-86C6-4FF470D915B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B9C53E9A-609D-474F-AF75-20D477BDB220}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D492469B-A827-4A75-9561-D94BE39CA51E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DFA94870-07AA-4662-96F2-583266A5B947}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{E075AF04-7909-402D-981C-0628BA89F630}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E48ECFC7-86D5-40C5-B0C4-4143EE1B9CD2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{EDFE7025-7726-4A23-A936-B1DFC648A3F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EF1E0DE1-A1AA-4303-AAE3-789BA698EBDB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F620B3B2-77B4-4523-A6FE-5E2BFF6F5014}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{FFA01970-609E-4655-8542-55E335378B42}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1734A747-37BA-42D0-BBEB-A0BA58A974EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{1B9C4756-D936-4A65-8F71-23B96B9920E7}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
    "{35AE1CB6-DCE3-40B5-B374-E1BFDFB90911}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{3E3208D2-805A-4DD1-BDDA-90DC01B72648}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{3EDBF3DC-FFE7-4194-85BA-A09A2B2452C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{572C2F93-0FA9-4531-B9A7-0586B62CF151}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{5754E289-73E3-4CE7-BD13-34B7967D5753}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{5BCDC29B-E442-4DB1-A5BF-76BF77681FC3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{6D9E3638-9C81-4925-BBCA-3830D4B119B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{73DF0412-3ABC-4B73-B42B-A9A37BC402A2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{78504FD1-E3D5-4703-876D-ACA627BE3499}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7EA374AB-B891-4BB2-B151-FF9455494292}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{80374A2A-F190-4E76-B229-C33B434E33CC}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
    "{93FB4AC5-1BC3-4B26-9D6E-41BC8EF42909}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{9AC60AAE-AB6E-4CC9-BAE5-5A45EB3609F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A249412C-65ED-478F-A265-730F2670C0CB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
    "{A28CA3EB-0435-45A7-8EFB-47517674F47D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{AC1D8DCC-5AE8-4975-B6F8-F2D747AA96CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B199F0AE-FBA8-4A94-BBF3-473AF686F254}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B780A861-1DB2-405E-9101-78B0F7886680}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{BA24FE55-E81E-4F31-B5F9-CE9657624AE7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BB959481-8A47-4067-B204-A501667ED27D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D5D518E5-B9B8-4C83-A2A4-4C29D4617896}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E68F4239-C4CE-4661-8843-C776393F1823}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{EFE7CF45-1DAA-444A-9D68-63305F72B7B9}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
    "{FA2A9F05-CB79-4A5A-B205-8562CB093623}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{FB5D9481-7079-4463-971F-38E0C8358C99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "TCP Query User{211A230D-7681-4557-8765-2E94E33432F0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{344318C9-A8F7-4A4A-9DE6-F545B7A9CEE1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "TCP Query User{36681FC1-6387-4398-AC4E-143315414CE1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{3963E0B7-E611-4AA2-8419-C0DFF9A28BF5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{B02A53A0-1D8F-4454-BF34-9FF6B3C6844D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{178E0772-2D89-4577-98D4-177DDB3E417F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{AA68C43D-D9F3-4FF6-895D-D2501201BF19}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{B2E0C190-0BCB-4E87-8B5F-7E1A0B9BF286}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{D44FDF77-19A3-48E5-B521-FBFBB141527F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{E23ED991-BF85-4BA1-82BA-790263BCBE38}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
    "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{65510247-DAA8-4161-9898-42C78EAF1BC5}" = AVG 2012
    "{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EC761E9C-5B2D-4C52-9C6D-7BB25712B258}" = AVG 2012
    "{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "AVG" = AVG 2012
    "D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
    "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
    "{83475EE2-08BD-4134-B4F9-F3FA46EDC508}" = Geek Squad 24 Hour Computer Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
    "{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
    "{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
    "{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
    "{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
    "{EAEFE1C0-EB56-8963-9EC5-A0EB5FBA358D}" = TweetDeck
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "Picasa 3" = Picasa 3
    "PokerTracker3" = PokerTracker 3 (remove only)
    "Rapport_msi" = Rapport
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "WildTangent toshiba Master Uninstall" = WildTangent Games

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ActiveTouchMeetingClient" = WebEx
    "Amazon Kindle For PC" = Amazon Kindle For PC v1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/28/2011 9:43:59 PM | Computer Name = NED | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/28/2011 9:43:59 PM | Computer Name = NED | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/29/2011 12:06:00 PM | Computer Name = NED | Source = WinMgmt | ID = 10
    Description =

    Error - 11/7/2011 4:21:42 PM | Computer Name = NED | Source = Perflib | ID = 1023
    Description =

    Error - 11/7/2011 4:21:43 PM | Computer Name = NED | Source = Perflib | ID = 1008
    Description =

    Error - 11/7/2011 4:21:43 PM | Computer Name = NED | Source = Perflib | ID = 1023
    Description =

    Error - 12/7/2011 1:03:46 PM | Computer Name = NED | Source = Perflib | ID = 1023
    Description =

    Error - 12/7/2011 1:03:49 PM | Computer Name = NED | Source = Perflib | ID = 1008
    Description =

    Error - 12/7/2011 1:03:49 PM | Computer Name = NED | Source = Perflib | ID = 1023
    Description =

    Error - 12/7/2011 3:27:11 PM | Computer Name = NED | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 11/1/2010 10:14:44 PM | Computer Name = NED | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.35 for the Network Card with network
    address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/1/2010 11:17:02 PM | Computer Name = NED | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.36 for the Network Card with network
    address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/1/2010 11:17:40 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 11/1/2010 11:17:48 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 11/2/2010 12:28:17 AM | Computer Name = NED | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.37 for the Network Card with network
    address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/2/2010 12:28:32 AM | Computer Name = NED | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 11/2/2010 12:28:34 AM | Computer Name = NED | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 11/2/2010 1:10:41 PM | Computer Name = NED | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.39 for the Network Card with network
    address 0022FAE760B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/2/2010 1:10:51 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 11/2/2010 1:10:54 PM | Computer Name = NED | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.


    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-232412378-3118420049-1387226345-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      [2011/11/09 11:39:33 | 000,001,945 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\se archplugins\bing-zugo.xml
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
      O4 - HKU\S-1-5-21-232412378-3118420049-1387226345-1004..\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG8\Notification\SPChecker.exe" /start File not found
      [2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k
      [2011/12/17 13:02:23 | 000,009,890 | -HS- | M] () -- C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
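The two `-HS-` entries in the OTL fix script above (hidden and system attributes, a long random name, dropped into ProgramData and AppData\Local) are the rogue's own files. The check below is an added example, not part of this thread or of OTL: it parses lines in OTL's file-listing format (the sample lines are constructed, the last one a benign hidden+system file for contrast) and flags entries matching that pattern.

```python
import re

# Constructed sample lines in OTL's file-listing format, as in the fix script:
# [date | size | attributes | M/C] (company) -- path. The last line is a
# benign hidden+system file added here to show what is NOT flagged.
SAMPLE_LINES = [
    r"[2011/12/17 13:02:24 | 000,009,890 | -HS- | M] () -- C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k",
    r"[2011/12/17 13:02:23 | 000,009,890 | -HS- | M] () -- C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k",
    r"[2011/11/09 11:39:33 | 000,001,945 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\searchplugins\bing-zugo.xml",
    r"[2011/12/17 13:05:00 | 000,000,174 | -HS- | M] () -- C:\ProgramData\desktop.ini",
]

OTL_FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[A-Z])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Directories a standard (non-admin) user can write to; rogue AV families
# persist there because no elevation is needed.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")


def parse_otl_file_line(line):
    """Return the fields of one OTL file-listing line, or None if it is not one."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))  # "000,009,890" -> 9890
    rec["name"] = rec["path"].rsplit("\\", 1)[-1]
    return rec


def looks_random(name):
    """Heuristic: long, extension-less, lowercase letters mixed with digits."""
    return (len(name) >= 16 and "." not in name and name.isalnum()
            and name.islower() and any(c.isdigit() for c in name))


def flag_suspicious(lines):
    """Hidden+system files with random-looking names in user-writable paths."""
    hits = []
    for line in lines:
        rec = parse_otl_file_line(line)
        if rec is None:
            continue
        hidden_system = "H" in rec["attrs"] and "S" in rec["attrs"]
        in_user_dir = any(d in rec["path"].lower() for d in USER_WRITABLE)
        if hidden_system and in_user_dir and looks_random(rec["name"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in flag_suspicious(SAMPLE_LINES):
        print(f"{rec['date']}  {rec['size']:>6} bytes  {rec['attrs']}  {rec['path']}")
```

Run against a full OTL listing, only the two rogue files survive the three filters; the desktop.ini and the Firefox search plugin do not.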
     
  22. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    OTL log

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    File C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qzenkzp.default\se archplugins\bing-zugo.xml not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TWebCamera deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-232412378-3118420049-1387226345-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\avg_spchecker deleted successfully.
    C:\ProgramData\vibahd5e3upe6uek6otu8t317s4k moved successfully.
    C:\Users\owner\AppData\Local\vibahd5e3upe6uek6otu8t317s4k moved successfully.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Experience
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: owner
    ->Temp folder emptied: 16389362 bytes
    ->Temporary Internet Files folder emptied: 55848437 bytes
    ->Java cache emptied: 4077431 bytes
    ->FireFox cache emptied: 111585387 bytes
    ->Google Chrome cache emptied: 50892745 bytes
    ->Apple Safari cache emptied: 6819840 bytes
    ->Flash cache emptied: 443055 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 369 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9776213 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 244.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Experience

    User: owner
    ->Flash cache emptied: 0 bytes

    User: postgres

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12182011_121400

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6GQK2CK\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A710GOKJ\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MTHDVMW\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00PDJVWQ\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  23. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    checkup.txt

    Results of screen317's Security Check version 0.99.24
    Windows Vista x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    ``````````End of Log````````````
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  25. ryaned

    ryaned TS Rookie Topic Starter Posts: 88

    Broni
    ESET still running.
    Ned
     
